CVE-2024-23109

CWE-78 — OS Command Injection6 documents6 sources

Severity

9.8CRITICAL

EPSS

7.0%

top 8.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisiem

Timeline

PublishedFeb 5

Latest updateFeb 7

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5fortinet/fortisiem7.0.0 — 7.0.2+5

▶NVDfortinet/fortisiem6.4.0 — 6.4.2+6

🔴Vulnerability Details

GHSA

GHSA-27xq-w3jc-436c: An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7↗2024-02-05

▶

CVEList

CVE-2024-23109: An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute una↗2024-02-05

▶

VulnCheck

Fortinet FortiSIEM Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')↗2024

▶

📋Vendor Advisories

Fortinet

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet...↗2023-10-10

▶

🕵️Threat Intelligence

Bleepingcomputer

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure↗2024-02-07

▶