Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.
Fortinet added the two new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the original advisory for the CVE-2023-34992 flaw in a very confusing update.
Earlier today, BleepingComputer published an article reporting that the CVEs were released by mistake, after Fortinet said they were duplicates of the original CVE-2023-34992.
It turns out that CVE-2024-23108 and CVE-2024-23109 are actually patch bypasses for the CVE-2023-34992 flaw discovered by Horizon3 vulnerability expert Zach Hanley.
On X, Zach stated that the new CVEs are patch bypasses for CVE-2023-34992, and the new IDs were assigned to him by Fortinet.
These two new variants have the same description as the original flaw, allowing unauthenticated attackers to execute commands via specially crafted API requests.
As this is a critical flaw, it is strongly advised that you upgrade to one of the above FortiSIEM versions as soon as they become available.
Fortinet flaws are commonly targeted by threat actors, including ransomware gangs, who use them to gain initial access to corporate networks, so patching quickly is crucial.
BleepingComputer asked Fortinet when the other versions will be released and will update this story when we receive a response.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 08 Feb 2024 01:01:15 +0000