Alert!

Proof-of-concept exploits for critical FortiSIEM vulnerabilities: Patch now!

IT security researchers have published proof-of-concept exploits for critical vulnerabilities in FortiSIEM. High time to install the updates.

Stylized graphic: burning appliances on the network

(Image: created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

Fortinet's FortiSIEM security platform has vulnerabilities classified as critical, for which updates have been available since October of last year and since the end of January this year. IT security researchers at horizon3.ai have now published proof-of-concept exploits that demonstrate how the flaws can be abused. It is high time for IT administrators to download and apply the updates.

In the accompanying security advisory, Fortinet writes that the vulnerability stems from multiple instances of improper neutralization of special elements used in an OS command, that is, command injection (CWE-78). With crafted API requests, unauthenticated attackers can thus execute unauthorized commands on the FortiSIEM Supervisor (CVE-2023-34992, CVE-2024-23108, CVE-2024-23109; CVSS 9.7, risk "critical").

The updates from October 2023 were evidently insufficient: at the end of January, Fortinet's developers had to fix two more vulnerabilities of the same kind. The researchers at horizon3.ai recently published a proof-of-concept exploit for the October vulnerability that demonstrates how commands can be injected and executed as the root user once the flaw is exploited.

The researchers have also published a proof-of-concept exploit for the vulnerabilities that were added later. Cybercriminals now have blueprints with which to upgrade their toolkits for attacks, and experience has shown that they do so. Admins should therefore install the available updates now at the latest.

IT security expert Will Dormann notes somewhat sarcastically on Mastodon that the exploits for the older and the later-patched security holes differ only in the position of a semicolon in the argument sequence. The expectation of a large IT security company like Fortinet would be that its developers examine the code surrounding a vulnerability for other flaws of the same kind, which evidently was not done promptly.
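The semicolon detail is the whole story of an incomplete fix: a filter that rejects one injection shape lets a trivially rearranged payload through, while removing the shell from the code path makes the position of the semicolon irrelevant. The following Python is an added illustration, not FortiSIEM code and not anything published by Fortinet or horizon3.ai; the API handler, the `echo` stand-in for the real OS command, the hypothetical first-fix regular expression, the allowlist and the payloads are all constructed for the demo. It assumes a POSIX `/bin/sh` and an `echo` binary on PATH.

```python
import re
import subprocess

# Constructed illustration (not FortiSIEM's code): an API handler takes a
# "host" value from a request and runs an OS command with it. `echo` stands
# in for the real diagnostic command so the demo runs harmlessly and offline.
# Assumes a POSIX /bin/sh and an `echo` binary on PATH.

# Allowlist for a hostname or IPv4 literal (hypothetical policy for this demo).
HOST_RE = re.compile(r"[A-Za-z0-9.\-]{1,253}")


def run_diag_unsafe(host: str) -> str:
    """Vulnerable: the request value is spliced into a shell command string,
    so every shell metacharacter in `host` is parsed as shell syntax."""
    cmd = f"echo diag {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Hypothetical incomplete fix: reject only the reported injection shape, a
# semicolon glued directly to the end of the value ("10.0.0.1;id").
FIRST_FIX_DENY = re.compile(r"^\S+;")


def run_diag_first_fix(host: str) -> str:
    """Blocklist patch: catches the published payload and nothing else."""
    if FIRST_FIX_DENY.search(host):
        raise ValueError("rejected by first fix")
    return run_diag_unsafe(host)


def run_diag_no_shell(host: str) -> str:
    """No shell at all: an argv list makes `host` one literal argument."""
    return subprocess.run(["echo", "diag", host], capture_output=True, text=True).stdout


def run_diag_hardened(host: str) -> str:
    """Allowlist validation plus argv execution; neither layer depends on
    enumerating shell metacharacters."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("invalid host")
    return run_diag_no_shell(host)


def outcome(fn, host: str) -> str:
    """Run one variant and summarise what happened."""
    try:
        out = fn(host)
    except ValueError:
        return "blocked"
    # A separate "INJECTED" line means the injected command actually ran;
    # the word merely echoed inside the diag line means it stayed literal.
    return "INJECTED" if "INJECTED" in out.splitlines() else "literal"


def demo() -> dict:
    """Constructed payloads: the same injected command, with the semicolon
    moved one character in the variant."""
    original = "10.0.0.1;echo INJECTED"
    variant = "10.0.0.1 ;echo INJECTED"
    return {
        "unsafe/original": outcome(run_diag_unsafe, original),        # INJECTED
        "first_fix/original": outcome(run_diag_first_fix, original),  # blocked
        "first_fix/variant": outcome(run_diag_first_fix, variant),    # INJECTED
        "no_shell/variant": outcome(run_diag_no_shell, variant),      # literal
        "hardened/variant": outcome(run_diag_hardened, variant),      # blocked
        "hardened/benign": outcome(run_diag_hardened, "10.0.0.1"),    # literal
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} {result}")
```

The first-fix filter blocks exactly the payload it was written against and nothing more; a space before the semicolon is enough to walk past it. The hardened variant does not try to recognise bad input at all: the allowlist states what a valid value looks like, and the argv call guarantees that, even if the allowlist were wrong, no shell ever interprets the value.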

Two weeks ago, Fortinet closed several other gaps, including a high-risk vulnerability in FortiWebManager and further ones in FortiPortal, FortiSandbox and FortiSOAR.

(dmk)