Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.
Fortinet added the two new vulnerabilities, tracked as CVE-2024-23108 and CVE-2024-23109, to the original advisory for the CVE-2023-34992 flaw in a very confusing update.
Earlier today, BleepingComputer published an article reporting that the CVEs had been released by mistake, after being told by Fortinet that they were duplicates of the original CVE-2023-34992.
"In this instance, due to an issue with the API which we are currently investigating, rather than an edit, this resulted in two new CVEs being created, duplicates of the original CVE-2023-34992," Fortinet told BleepingComputer.
"There is no new vulnerability published for FortiSIEM so far in 2024, this is a system level error and we are working to rectify and withdraw the erroneous entries."
However, it turns out that CVE-2024-23108 and CVE-2024-23109 are actually patch bypasses for the CVE-2023-34992 flaw, discovered by Horizon3 vulnerability researcher Zach Hanley.
On X, Zach said that the new CVEs are patch bypasses for CVE-2023-34992, and that the new IDs were assigned to him by Fortinet.
After contacting Fortinet once again, we were told their previous statement was "misstated" and that the two new CVEs are variants of the original flaw.
"The PSIRT team followed its process to add two similar variants of the previous CVE (CVE-2023-34992), tracked as CVE-2024-23108 and CVE-2024-23109, to our public advisory FG-IR-23-130, which was published in October 2023. The two new CVEs share the exact same description and score as the initial one; in parallel we updated MITRE. A reminder pointing to the updated Advisory will be included for our customers on Tuesday when Fortinet publishes its monthly advisory." – Fortinet.
These two new variants have the same description as the original flaw: an OS command injection (CWE-78) in the FortiSIEM supervisor that allows unauthenticated, remote attackers to execute commands via specially crafted API requests.
"Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests," reads the advisory.
While the original flaw, CVE-2023-34992, was fixed in a previous FortiSIEM release, the new variants are fixed, or will be fixed, in the following versions (at the time of writing only 7.1.2 has shipped; the rest are upcoming):
- FortiSIEM version 7.1.2 or above
- Upcoming FortiSIEM version 7.2.0 or above
- Upcoming FortiSIEM version 7.0.3 or above
- Upcoming FortiSIEM version 6.7.9 or above
- Upcoming FortiSIEM version 6.6.5 or above
- Upcoming FortiSIEM version 6.5.3 or above
- Upcoming FortiSIEM version 6.4.4 or above
As this is a critical flaw, it is strongly advised that you upgrade to one of the above FortiSIEM versions as soon as they become available. Note that the fixes are per release branch: a 7.0.x or 6.7.x install is not covered by 7.1.2 unless you actually move to the 7.1 branch, and a naive "is it at least 7.1.2?" comparison would wrongly flag a patched 7.0.3 or 6.7.9 as unpatched.
Fortinet flaws are commonly targeted by threat actors, including ransomware gangs, who use them to gain initial access to corporate networks, so patching quickly is crucial.
BleepingComputer asked Fortinet when the other versions would be released and will update this story when we receive a response.
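The following is an added example, not Fortinet's tooling or anything from the advisory, showing how to turn the per-branch fixed-version list above into an inventory check that does not fall into the single-threshold trap. It assumes FortiSIEM reports a plain `major.minor.patch` version string; the inventory lines fed to it are constructed sample data, and any branch not named in the advisory (for example 6.3.x) is reported as unknown rather than assumed safe.

```python
"""Per-branch fixed-version check for the FortiSIEM variants (CVE-2024-23108 / -23109).

Added example, not Fortinet's own code. It encodes only the fixed versions
listed in the article; anything in a branch the advisory does not mention is
reported as "unknown", not as safe.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed patch level per release branch (major, minor), from the list above.
# Several of these were still "upcoming" at the time of writing; a host only
# counts as fixed once it is actually running that build.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (7, 2): (7, 2, 0),
    (7, 1): (7, 1, 2),
    (7, 0): (7, 0, 3),
    (6, 7): (6, 7, 9),
    (6, 6): (6, 6, 5),
    (6, 5): (6, 5, 3),
    (6, 4): (6, 4, 4),
}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into an integer tuple so 7.1.10 > 7.1.2 (numeric, not lexical)."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSIEM version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one FortiSIEM version.

    The comparison is done against the fixed build of the host's *own* branch,
    so 7.0.3 is fixed even though it is numerically below 7.1.2, and 7.1.1 is
    vulnerable even though it is above 7.0.3.
    """
    version = parse_version(version_text)
    fixed: Optional[Version] = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        return "unknown"  # branch not covered by the advisory text; do not assume safe
    return "fixed" if version >= fixed else "vulnerable"


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group (hostname, version) pairs by verdict; malformed versions go under 'unknown'."""
    report: Dict[str, List[str]] = {"fixed": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        try:
            verdict = assess(version_text)
        except ValueError:
            verdict = "unknown"
        report[verdict].append(host)
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("siem-prod-01", "7.1.2"),
        ("siem-prod-02", "7.1.1"),
        ("siem-dr-01", "7.0.3"),
        ("siem-lab-01", "6.7.8"),
        ("siem-old-01", "6.3.5"),
        ("siem-bad-01", "7.1"),
    ]
    for verdict, hosts in triage(sample).items():
        print(f"{verdict:>10}: {', '.join(hosts) or '-'}")
```

Run it against an export of your FortiSIEM supervisors' version strings; the "unknown" bucket is deliberately noisy so that end-of-life branches and unparsable entries surface for a human decision instead of silently passing.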