CVE-2024-23109: 
FortiSIEM vulnerability analysis and mitigation

An improper neutralization of special elements used in an OS command (OS command injection) vulnerability was identified in Fortinet FortiSIEM affecting versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2. The vulnerability allows remote unauthenticated attackers to execute unauthorized code or commands via crafted API requests (Fortinet Advisory).

The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and has received a Critical severity rating. The CVSS v3.1 base score is 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H according to NVD, while Fortinet assigned a CVSS score of 10.0 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (NVD).

The vulnerability allows attackers to execute unauthorized code or commands on affected FortiSIEM systems, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (Fortinet Advisory).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to FortiSIEM version 7.1.2 or above, 7.0.3 or above, 6.7.9 or above, 6.6.4 or above, 6.5.3 or above, or 6.4.4 or above. Alternatively, users can upgrade to the upcoming FortiSIEM version 7.2.0 or above (Fortinet Advisory).

The vulnerability was discovered and reported by security researcher Zach Hanley (@hacks_zach) of Horizon3.ai under responsible disclosure (Fortinet Advisory).