{"id":163797,"date":"2024-05-28T18:43:10","date_gmt":"2024-05-28T18:43:10","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=163797"},"modified":"2024-05-28T19:11:33","modified_gmt":"2024-05-28T19:11:33","slug":"fortinet-siem-critical-rce-poc","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/163797\/hacking\/fortinet-siem-critical-rce-poc.html","title":{"rendered":"Experts released PoC exploit code for RCE in Fortinet SIEM"},"content":{"rendered":"
<\/div>\n

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution.<\/h2>\n\n\n\n

Security researchers at Horizon3’s Attack Team released a proof-of-concept (PoC)<\/a> exploit for a remote code execution issue, tracked as CVE-2024-23108<\/a>, in Fortinet’s SIEM solution. The PoC exploit allows executing commands as root on Internet-facing FortiSIEM appliances.<\/p>\n\n\n\n

In February, cybersecurity vendor Fortinet warned<\/a> of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could lead to remote code execution.<\/p>\n\n\n\n

\u201cMultiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.\u201d reads the advisory<\/a> published by Fortinet.<\/em><\/p>\n\n\n\n

The affected products are:<\/p>\n\n\n\n