CVE-2024-23108

Published Feb 5, 2024

Last updated 9 months ago

Overview

Description: An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.
Source: psirt@fortinet.com
NVD status: Analyzed

Hype score: Not currently trending

pews pews coming from 45.93.20.128 Usage of BruteRatel mass_exploit scripts CVE-2023-26360 CVE-2024-21683 CVE-2024-23108 CVE-2024-29895 CVE-2024-29895 credits: @learntocatch https://t.co/gV5QpvVekv
@banthisguy9349
Oct 25, 2024 12:43 PM
1445 Impressions
3 Retweets
24 Likes
7 Bookmarks
1 Reply
0 Quotes

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

psirt@fortinet.com: CWE-78

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23FA8F49-E85A-402F-91CF-293EF5C60B29",
            "versionEndIncluding": "6.4.2",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE42081E-AF1E-4FEB-9570-324A7FB8A9A6",
            "versionEndIncluding": "6.5.2",
            "versionStartIncluding": "6.5.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB301503-0ECB-4D21-B341-ACF0F302CF85",
            "versionEndIncluding": "6.6.3",
            "versionStartIncluding": "6.6.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71C5093F-7D96-46B5-8DF7-068877E71F67",
            "versionEndIncluding": "6.7.8",
            "versionStartIncluding": "6.7.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFE7DE50-FC7B-4F64-8324-F6BF302B4667",
            "versionEndIncluding": "7.0.2",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:7.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C9E32B0-8C95-40D7-B31F-54626D1F7AFE"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0016873D-3247-4B9A-9519-46C88EEBB3BF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References