Fortinet has issued a warning regarding two new unpatched patch bypasses for a critical remote code execution vulnerability in their SIEM solution, FortiSIEM. Originally thought to be duplicates of a previous flaw, these new vulnerabilities, tracked as CVE-2024-23108 and CVE-2024-23109, have been confirmed as patch bypasses by Horizon3 vulnerability expert Zach Hanley. Despite initial confusion, Fortinet clarified that these variants are indeed patch bypasses for the original CVE-2023-34992 flaw, underscoring the importance of prompt action.
As a response to the situation, Fortinet’s PSIRT team followed their process to add these variants to the original advisory, with the intention to update their customers on the matter. The severity of the vulnerability lies in its potential to allow unauthenticated attackers to execute unauthorized commands via crafted API requests, emphasizing the critical need for immediate attention. Fortinet advises upgrading to specific versions of FortiSIEM, as they contain fixes for these vulnerabilities, crucial for mitigating potential threats.
Given the common targeting of Fortinet flaws by threat actors, including ransomware gangs, prompt patching is imperative to prevent unauthorized access to corporate networks. The discovery of these patch bypasses underscores the ongoing challenges in ensuring system security, requiring continuous vigilance and proactive measures to mitigate risks effectively.