FortiSIEM Flub-Up: Fortinet’s CVE Chaos Unraveled – Update ASAP to Dodge RCE Danger!

Fortinet’s CVE-ception: Patch bypasses (not twins) CVE-2024-23108 and CVE-2024-23109 gatecrash the CVE-2023-34992 party. Upgrade or face the cyber-music!

Hot Take:

“Fortinet’s oopsie-daisy moment with CVE doppelgängers is like mistaking your reflection for a twin. But let’s not be too harsh; managing CVEs is like herding digital cats—sometimes one breaks free and you end up chasing your own tail.”

Key Points:

  • Fortinet issued a confusing advisory update for a critical FortiSIEM vulnerability, creating a CVE clone saga.
  • CVE-2024-23108 and CVE-2024-23109 were initially thought to be duplicates but are actually patch bypasses.
  • Zach Hanley, a vulnerability expert, was the mastermind who discovered these variants.
  • The “new” CVEs are just as bad as the original, allowing unauthorized command execution via API requests.
  • Fortinet recommends upgrading to the latest FortiSIEM versions to avoid being an easy target for cyber ne’er-do-wells.
CVE ID: CVE-2023-34992
CVE state: PUBLISHED
CVE assigner short name: fortinet
CVE date updated: 10/10/2023
CVE description: An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests.

CVE ID: CVE-2024-23108
CVE state: PUBLISHED
CVE assigner short name: fortinet
CVE date updated: 02/05/2024
CVE description: An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests.

CVE ID: CVE-2024-23109
CVE state: PUBLISHED
CVE assigner short name: fortinet
CVE date updated: 02/05/2024
CVE description: An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests.

Need to know more?

The CVE Clone Wars

It's like Fortinet's advisory board had one too many and sent out an update that gave cybersecurity folks a case of déjà vu. These CVEs - CVE-2024-23108 and CVE-2024-23109 - looked like the digital twins of CVE-2023-34992, but nope, they're actually the sneaky sequels. Think of them as the "Home Alone 2 and 3" to the original vulnerability's classic Christmas caper.

The Hanley Strikes Back

Zach Hanley, the Jedi of vulnerabilities, waved his lightsaber and revealed that these CVEs are not just a case of copy-paste gone wild. They're legitimate patch bypasses that deserve their own spotlight. Fortinet initially played it off as a misunderstanding, but eventually admitted they misstated faster than a politician caught tweeting after bedtime.

Patch Me If You Can

FortiSIEM users, listen up! It's time to play the software update game, where the only winning move is to patch, and patch fast. Fortinet's list of upcoming FortiSIEM releases is longer than a CVS receipt, so make sure you're on the latest version to keep the cyber baddies at bay.
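The practical catch with a patch bypass is that a box patched for the original CVE can still sit inside the bypass ranges: the CVE-2023-34992 description stops at 6.7.5, while CVE-2024-23108 and CVE-2024-23109 run through 6.7.8. The script below is an added example for this post, not Fortinet code; it transcribes the affected ranges from the three CVE descriptions quoted above and checks an inventory of version strings against them. The sample versions are constructed, and anything outside the listed ranges is reported only as "not in a listed affected range", since the fixed builds are not stated on this page and should be confirmed against Fortinet's advisory.

```python
"""Check FortiSIEM version strings against the affected ranges quoted in the
CVE descriptions for CVE-2023-34992, CVE-2024-23108 and CVE-2024-23109.

Added example, not Fortinet's code. Ranges are transcribed from the CVE
descriptions on this page; fixed builds are NOT encoded here, so a version
outside every range is "not listed", not "confirmed fixed".
"""
import re

# Affected ranges exactly as stated in the CVE descriptions.
# Each entry is (first affected, last affected), both inclusive.
AFFECTED = {
    "CVE-2023-34992": [
        ("7.0.0", "7.0.0"),
        ("6.7.0", "6.7.5"),
        ("6.6.0", "6.6.3"),
        ("6.5.0", "6.5.1"),
        ("6.4.0", "6.4.2"),
    ],
    "CVE-2024-23108": [
        ("7.1.0", "7.1.1"),
        ("7.0.0", "7.0.2"),
        ("6.7.0", "6.7.8"),
        ("6.6.0", "6.6.3"),
        ("6.5.0", "6.5.2"),
        ("6.4.0", "6.4.2"),
    ],
}
# The CVE-2024-23109 description lists the same ranges as CVE-2024-23108.
AFFECTED["CVE-2024-23109"] = AFFECTED["CVE-2024-23108"]


def parse_version(text):
    """Turn '7.1.1' (an optional leading 'v' or trailing build tag is ignored)
    into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised FortiSIEM version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def affected_cves(version):
    """Return the sorted list of CVE ids whose listed ranges contain `version`."""
    v = parse_version(version)
    hits = []
    for cve, ranges in AFFECTED.items():
        for low, high in ranges:
            if parse_version(low) <= v <= parse_version(high):
                hits.append(cve)
                break  # one matching range is enough for this CVE
    return sorted(hits)


def assess(version):
    """One-line verdict suitable for an inventory report."""
    hits = affected_cves(version)
    if hits:
        return f"FortiSIEM {version}: affected by {', '.join(hits)} - upgrade"
    return (f"FortiSIEM {version}: not in a listed affected range "
            "(confirm the fixed build against Fortinet's advisory)")


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ["6.7.5", "6.7.6", "7.0.0", "7.0.2", "7.1.1", "7.1.2"]:
        print(assess(v))
```

Running it shows the point of the post in one line: 6.7.6 is clear of CVE-2023-34992 but still inside both bypass ranges, so "we already patched the 2023 one" is not a reason to skip this round.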

The Patchwork Quilt of Security

Fortinet's mishap may be amusing, but remember, these vulnerabilities are like open windows in a haunted house – you never know what might creep in. Whether you're a small business or a giant enterprise, it's time to batten down the hatches and get those updates rolling before the ransomware goblins come knocking.

The Update Waiting Game

As of press time, BleepingComputer is on standby for Fortinet's response about the release dates for the other versions. If waiting for software updates were a sport, we'd all be Olympic athletes by now. Keep an eye out, because in the world of cybersecurity, the next update is always just around the corner... we hope.