Vulnerability Name: Fortinet FortiSIEM Platforms Vulnerability
CVE #s: CVE-2024-23108 and CVE-2024-23109
Platform or Software Package(s) Affected: Fortinet FortiSIEM product line (version 7.1.1 and any version prior)
Criticality: Critical (CVE scores of 10)
Recommended Action: For any customers using the above-noted Fortinet FortiSIEM versions, visit the vendor’s website immediately. Patches are available, depending on which firmware/software version you are running, to patch this critical vulnerability.
Overview of Concern and Overview of Remediation: The Fortigate FortiSIEM product for log collection and analysis is affected by two critical-ranking vulnerabilities that allow for command injection flaws, which can allow the execution of unauthorized code. Versions 7.1.2 and above currently address this flaw. However, more research is being done, and new releases may be issued in the near future. Clients using affected Fortigate FortiSIEM products should diligently check the manufacturer’s website for future releases after patching their system, as research may find further vulnerabilities and the need for further patching. Additional information is linked below:
https://www.cve.org/CVERecord?id=CVE-2024-23109
https://www.cve.org/CVERecord?id=CVE-2024-23108
Additionally, we urge all customers using any Fortigate product (not just their security information and event management solutions) to review Fortigate’s website and news relating to this vulnerability, as often vendors will later announce other affected products. Please be vigilant in updating your products more often in the upcoming days/weeks.
Please contact Jeremy Burris at S.R. Snodgrass, P.C. with any questions (jburris@srsnodgrass.com).