Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.
Fortinet added the two new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the original advisory for the CVE-2023-34992 flaw in a very confusing update.
Earlier today, BleepingComputer published an article that the CVEs were released by mistake after being told by Fortinet that they were duplicates of the original CVE-2023-34992.
It turns out that CVE-2024-23108 and CVE-2024-23109 are actually patch bypasses for the CVE-2023-34992 flaw discovered by Horizon3 vulnerability expert Zach Hanley.
On X, Zach stated that the new CVEs are patch bypasses for CVE-2023-34992, and the new IDs were assigned to him by Fortinet.
These two new variants have the same description as the original flaw, allowing unauthenticated attackers to execute commands via specially crafted API requests.
As this is a critical flaw, it is strongly advised that you upgrade to one of the above FortiSIEM versions as soon as they become available.
Fortinet flaws are commonly targeted by threat actors, including ransomware gangs, who use them to gain initial access to corporate networks, so patching quickly is crucial.
BleepingComputer asked Fortinet when the other versions will be released and will update this story when we receive a response.
Over 1,450 pfSense servers exposed to RCE attacks via bug chain.
Critical flaw in Shim bootloader impacts major Linux distros.
Chinese hackers infect Dutch military network with malware.
JetBrains warns of new TeamCity auth bypass vulnerability.
Google says spyware vendors behind most zero-days it discovers.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 08 Feb 2024 01:01:15 +0000


Cyber News related to Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure - Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. Fortinet added the two new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the original ...
1 year ago Bleepingcomputer.com CVE-2024-23108 CVE-2024-23109 CVE-2023-34992
A look at Fortinet's week to forget The Register - Security researchers have urged users to patch vulnerable VPNs as soon as possible since the vulnerability is understood to be easily exploitable. The only workaround recommended by Fortinet is to disable the SSL VPN. Disabling webmode won't mitigate ...
1 year ago Go.theregister.com CVE-2024-23113 CVE-2024-23108 CVE-2024-23109 CVE-2023-34992
Fortinet warns of critical command injection bug in FortiSIEM - Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. FortiSIEM is a ...
1 year ago Bleepingcomputer.com CVE-2023-36553 CVE-2023-34992 LockBit
New Fortinet RCE bug is actively exploited, CISA confirms - CISA confirmed today that attackers are actively exploiting a critical remote code execution bug patched by Fortinet on Thursday. The flaw is due to an out-of-bounds write weakness in the FortiOS operating system that can let unauthenticated ...
1 year ago Bleepingcomputer.com CVE-2023-34992 Volt Typhoon
Fortinet Warns of Yet Another Critical RCE Flaw - Fortinet has patched a critical remote code execution vulnerability in its FortiClient Enterprise Management Server for managing endpoint devices. The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage ...
1 year ago Darkreading.com CVE-2024-48788 CVE-2023-27997 CVE-2022-40684 CVE-2023-34993 CVE-2023-34991 CVE-2023-48782 CVE-2023-42783 Volt Typhoon
CISA warns Fortinet zero-day vulnerability under attack - CISA urged users to address two critical Fortinet vulnerabilities in products that are commonly targeted by the Chinese nation-state threat group Volt Typhoon, and one flaw is already being exploited in the wild. Fortinet published two separate ...
1 year ago Techtarget.com CVE-2024-21762 CVE-2024-22024 CVE-2023-27997 CVE-2024-23113 Volt Typhoon
New Fortinet RCE flaw in SSL VPN likely exploited in attacks - Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. The flaw received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS that allows ...
1 year ago Bleepingcomputer.com CVE-2024-23113 CVE-2023-44487 CVE-2023-47537 CVE-2024-21762 Volt Typhoon
Twin Max-Severity Bugs Open Fortinet's SIEM to Code Execution - Two critical vulnerabilities in Fortinet's FortiSIEM product have been assigned provisional CVSS scores of 10. What is known is that the vulnerabilities, tracked under CVE-2024-23108 and CVE-2024-23109, are command injection flaws that could ...
1 year ago Darkreading.com CVE-2024-23108 CVE-2024-23109
Fortinet warns of critical RCE bug in endpoint management software - Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server software that can allow attackers to gain remote code execution on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an ...
1 year ago Bleepingcomputer.com CVE-2023-48788 CVE-2024-21762 Volt Typhoon
Exploit released for maximum severity Fortinet RCE bug, patch now - Security researchers have released a proof-of-concept exploit for a maximum-severity vulnerability in Fortinet's security information and event management solution, which was patched in February. Tracked as CVE-2024-23108, this security flaw is a ...
10 months ago Bleepingcomputer.com CVE-2024-23108 CVE-2023-34992 Volt Typhoon
Exploitation activity increasing on Fortinet vulnerability - Exploitation activity appears to be ramping up against a critical Fortinet vulnerability that was disclosed and patched last month. In a security advisory on Feb. 8, Fortinet detailed a zero-day vulnerability in FortiOS, tracked as CVE-2024-21762 or ...
1 year ago Techtarget.com CVE-2024-21762 CVE-2024-27162
Fortinet unveils networking solution integrated with Wi-Fi 7 - Fortinet announced a comprehensive secure networking solution integrated with Wi-Fi 7. Fortinet's first Wi-Fi 7 access point, FortiAP 441K, delivers increased speed and capacity, and the new FortiSwitch T1024 is purpose-built with 10 Gigabit Ethernet ...
1 year ago Helpnetsecurity.com
Fortinet enhances its OT security solutions and services - Fortinet announced the latest release of new, integrated operational technology security solutions and services. These additions further distance Fortinet's industry-leading OT Security Platform from the rest of the market. The number of industrial ...
1 year ago Helpnetsecurity.com Rocke
New SuperBlack ransomware exploits Fortinet auth bypass flaws - A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. When Fortinet first disclosed CVE-2024-55591 on ...
2 weeks ago Bleepingcomputer.com LockBit CVE-2024-55591
Fortinet Adds Generative AI Tool to Security Operations Portfolio - Fortinet today added a generative artificial intelligence tool to its portfolio to eliminate a range of manual tasks that security operations teams would otherwise need to perform. John Maddison, chief marketing officer for Fortinet, said Fortinet ...
1 year ago Securityboulevard.com
Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access - A proof-of-concept exploit for a critical vulnerability in Fortinet's FortiSIEM product has emerged, paving the way for broad exploitation. The vulnerability, tracked under CVE-2024-23108, was disclosed and patched in February, along with a related ...
10 months ago Darkreading.com CVE-2024-23108 CVE-2024-23109
133k+ Fortinet appliances still vulnerable to CVE-2024-21762 The Register - The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver's latest data, ...
1 year ago Go.theregister.com CVE-2024-21762 CVE-2023-48788 Volt Typhoon
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
1 year ago Bleepingcomputer.com CVE-2024-21591 CVE-2023-36844 CVE-2023-36845 CVE-2023-36846 CVE-2023-36847
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security - Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity. For the second straight month, ...
1 year ago Darkreading.com CVE-2024-20674 CVE-2024-20700 CVE-2024-21307 CVE-2024-21318 CVE-2023-21310 CVE-2023-36036 CVE-2024-20653 CVE-2024-20698 CVE-2024-20683 CVE-2024-20686
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
10 months ago Feeds.fortinet.com
Apple To Overhaul 'Confusing' iPad Family - New versions of iPad Pro and iPad Air reportedly on the way, as Apple seeks to make iPad portfolio less confusing. Apple is reportedly planning a major overhaul of its iPad portfolio, as the tablet family has been described as confusing due to the ...
1 year ago Silicon.co.uk
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
10 months ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 CVE-2023-3519
Zyxel warns of multiple critical vulnerabilities in NAS devices - Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage devices. Zyxel NAS systems are used for storing data ...
1 year ago Bleepingcomputer.com CVE-2023-35137 CVE-2023-35138
Fortinet Warns of New FortiOS Zero-Day - Fortinet on Thursday announced patches for a critical remote code execution vulnerability in FortiOS that may have been exploited in the wild. The security hole, tracked as CVE-2024-21762, impacts FortiOS versions 6.0, 6.2, 6.4, 7.0, 7.2 and 7.4. ...
1 year ago Securityweek.com CVE-2024-21762 CVE-2022-42475 CVE-2023-27997 CVE-2024-23113 Volt Typhoon
Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks - Fortinet warned organizations on Wednesday that APTs linked to China and other countries have been exploiting two known FortiOS vulnerabilities in attacks aimed at various sectors, including critical infrastructure. One of the exploited ...
1 year ago Securityweek.com CVE-2022-42475 CVE-2023-27997 APT1 APT3 Volt Typhoon

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)