Thursday , November 14 2024
fortinet

Exploit released for maximum severity RCE In FORTINET SIEM

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution.

Horizon3’s Attack Team released a demonstration of a security vulnerability, identified as CVE-2024-23108, in Fortinet’s SIEM solution. This vulnerability allows attackers to run commands as the most powerful user on publicly accessible FortiSIEM devices.

Bitdefender releases free decryptor for ShrinkLocker ransomware

Bitdefender has released a decryptor for the ShrinkLocker ransomware after months of concern from responders regarding attacks involving this malware....
Read More
Bitdefender releases free decryptor for ShrinkLocker ransomware

Fortinet releases updates for Various Products

Fortinet has issued security updates for several products, including FortiOS, to fix vulnerabilities that could allow cyber attackers to take...
Read More
Fortinet releases updates for Various Products

Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

Microsoft's latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited....
Read More
Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems...
Read More
CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

Cyberattack Disrupts Israel’s Gas and Payment Systems

A cyberattack on an Israeli clearing company on Sunday left some people unable to use their credit cards for shopping...
Read More
Cyberattack Disrupts Israel’s Gas and Payment Systems

Russia blocks thousands websites using Cloudflare’s privacy service

Russia's media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare's encryption feature that enhances online privacy and security....
Read More
Russia blocks thousands websites using Cloudflare’s privacy service

Hacker to sale Indian Gov.t email credentials

Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the dark web marketplace. A hacker...
Read More
Hacker to sale Indian Gov.t email credentials

Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024, making it one...
Read More
Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

The Socket Research Team has discovered a malicious package named "fabrice," pretending to be the legitimate fabric SSH automation library....
Read More
Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

CISA alerts active exploitation of Palo Alto networks vuln

CISA has added a patched critical security flaw in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog due...
Read More
CISA alerts active exploitation of Palo Alto networks vuln

In February, Fortinet alerted about two important issues in FortiSIEM, known as CVE-2024-23108 and CVE-2024-23109 that could allow remote code execution.

“Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.” reads the advisory published by Fortinet.

The affected products are:

FortiSIEM version 7.1.0 through 7.1.1
FortiSIEM version 7.0.0 through 7.0.2
FortiSIEM version 6.7.0 through 6.7.8
FortiSIEM version 6.6.0 through 6.6.3
FortiSIEM version 6.5.0 through 6.5.2
FortiSIEM version 6.4.0 through 6.4.2

The CERT-EU also published an advisory for the above vulnerabilities:

“In February 2024, Fortinet quietly updated a 2023 advisory, joining two critical flows to the list of OS Command vulnerabilities affecting its FortiSIEM product. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to execute commands on the system.” reads the advisory published by CERT-EU. “Updating is recommended as soon as possible.”

This week, Horizon3’s Attack Team also published a technical analysis of the vulnerability.

“While the patches for the original PSIRT issue, FG-IR-23-130, attempted to escape user-controlled inputs at this layer by adding the wrapShellToken() utility, there exists a second order command injection when certain parameters to datastore.py are sent. There” reads the analysis.

(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)

Check Also

flowchart

Hacker to sale Indian Gov.t email credentials

Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the …

Leave a Reply

Your email address will not be published. Required fields are marked *