InfoSecBulletin Cybersecurity for mankind
Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution.
Horizon3’s Attack Team released a demonstration of a security vulnerability, identified as CVE-2024-23108, in Fortinet’s SIEM solution. This vulnerability allows attackers to run commands as the most powerful user on publicly accessible FortiSIEM devices.
Samsung phone is saving your passwords in plain text
UK Software Firm Exposed 8 million of Healthcare Worker Records
GitHub Enterprise Server Vulns Expose Risk of Code Execution
CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers
16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE
CISA warns of increasing risk tied to Oracle legacy Cloud leak
CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App
Apple released emergency security updates for 2 zero-day vulns
Oracle Released Patched for 378 flaws for April 2025
In February, Fortinet alerted about two important issues in FortiSIEM, known as CVE-2024-23108 and CVE-2024-23109 that could allow remote code execution.
“Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.” reads the advisory published by Fortinet.
The affected products are:
FortiSIEM version 7.1.0 through 7.1.1
FortiSIEM version 7.0.0 through 7.0.2
FortiSIEM version 6.7.0 through 6.7.8
FortiSIEM version 6.6.0 through 6.6.3
FortiSIEM version 6.5.0 through 6.5.2
FortiSIEM version 6.4.0 through 6.4.2
The CERT-EU also published an advisory for the above vulnerabilities:
“In February 2024, Fortinet quietly updated a 2023 advisory, joining two critical flows to the list of OS Command vulnerabilities affecting its FortiSIEM product. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to execute commands on the system.” reads the advisory published by CERT-EU. “Updating is recommended as soon as possible.”
This week, Horizon3’s Attack Team also published a technical analysis of the vulnerability.
“While the patches for the original PSIRT issue, FG-IR-23-130, attempted to escape user-controlled inputs at this layer by adding the wrapShellToken() utility, there exists a second order command injection when certain parameters to datastore.py are sent. There” reads the analysis.
(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)
