UPDATE (2/8/2024) - 

Yesterday, Avertium published a flash notice explaining the mass confusion surrounding two Fortinet FortiSIEM vulnerabilities (CVE-2024-23108 and CVE-2024-23109) that the company initially stated did not exist and were duplicates of a previously identified vulnerability, CVE-2023-34992. 

However, today, Fortinet appears to have reversed its stance and issued updates for CVE-2024-23108 and CVE-2024-23109, which act as bypasses for CVE-2023-34992. These bypasses were identified by a researcher from Horizon3. Both CVE-2024-23108 and CVE-2024-23109 have a CVSS score of 9.8 and could potentially allow remote unauthenticated attackers to execute unauthorized commands via specially crafted API requests. Fortinet plans to address these vulnerabilities in the following versions of FortiSIEM: 

  • Version 7.1.2 or above 
  • Version 7.2.0 or above (upcoming) 
  • Version 7.0.3 or above (upcoming) 
  • Version 6.7.9 or above (upcoming) 
  • Version 6.6.5 or above (upcoming) 
  • Version 6.5.3 or above (upcoming) 
  • Version 6.4.4 or above (upcoming) 

Additional details will be provided in Avertium's flash notice as they become accessible. 

 

 

overview

This week, the National Vulnerability Database (NVD) issued two critical advisories regarding command injection vulnerabilities supposedly affecting Fortinet's FortiSIEM products. As a result, Avertium was all set to issue a flash notice to our customers ensuring their security.  

However, further investigation reveals that these vulnerabilities, tracked as CVE-2024-23108 and CVE-2024-23109, are not new; rather, they are duplicates of a previously identified vulnerability, CVE-2023-34992.  

Fortinet has clarified that these new CVEs were generated in error due to an issue with the API, and there is no actual new vulnerability in FortiSIEM for 2024. The original vulnerability (CVE-2023-34992), disclosed in October 2023, allows unauthenticated remote attackers to execute unauthorized commands via crafted API requests. According to the CVE entries, the following FortiSIEM versions are impacted by CVE-2023-34992:  

  • 7.1.0 to 7.1.1 
  • 7.0.0 to 7.0.2 
  • 6.7.0 to 6.7.8  
  • 6.6.0 to 6.6.3  
  • 6.5.0 to 6.5.2 
  • 6.4.0 to 6.4.2 

Fortinet recommends immediate patching for the vulnerability. Organizations that have already addressed CVE-2023-34992 need not take further action. 

 

 

avertium's recommendationS

Solutions for CVE-2023-34992 (per Fortinet):
  • Please upgrade to FortiSIEM version 7.1.2 or above 
  • Please upgrade to upcoming FortiSIEM version 7.2.0 or above 
  • Please upgrade to upcoming FortiSIEM version 7.0.3 or above 
  • Please upgrade to upcoming FortiSIEM version 6.7.9 or above 
  • Please upgrade to upcoming FortiSIEM version 6.6.5 or above 
  • Please upgrade to upcoming FortiSIEM version 6.5.3 or above 
  • Please upgrade to upcoming FortiSIEM version 6.4.4 or above 


 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-34992. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Minimizing the impact of a successful ransomware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 
  • Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
  • We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 




 

SUPPORTING DOCUMENTATION

PSIRT | FortiGuard 

Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error (bleepingcomputer.com) 

Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution (darkreading.com) 

Fortinet FortiSIEM hit by two 10/10 severity vulns • The Register 

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (bleepingcomputer.com) 

 
Chat With One of Our Experts



Flash Notice Fortinet Vulnerability Fortinet Critical Vulnerability Blog