Security Advisory

Fortinet (FortiSIEM) Security Update Advisory (CVE-2024-23108)

Feb 15 2024

Overview

An update has been made available to address a vulnerability in Fortinet (FortiSIEM). users of affected versions are encouraged to update to the latest version.

Affected Products

FortiSIEM versions 7.1.0 through 7.1.1
FortiSIEM versions 7.0.0 through 7.0.2
FortiSIEM versions 6.7.0 through 6.7.8
FortiSIEM 6.6.0 through 6.6.3 Versions
FortiSIEM 6.5.0 through 6.5.2 Versions
FortiSIEM 6.4.0 through 6.4.2 versions

Resolved Vulnerabilities

Multiple remote unauthenticated OS command injection vulnerabilities in FortiSIEM (CVE-2024-23108)

Vulnerability Patches

Vulnerability patches were made available in the January 31, 2024 update. please follow the instructions on the reference site to update to the latest vulnerability patch version.

FortiSIEM versions 7.1.3, 7.0.3, and 6.7.9
FortiSIEM versions 7.2.0, 6.6.5, 6.5.3, 6.4.4 (coming soon)

Reference Sites

[1] CVE-2024-23108 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23108
[2] FortiSIEM – Multiple remote unauthenticated os command injection
https://www.fortiguard.com/psirt/FG-IR-23-130

Previous Post

MS Family February 2024 Routine Security Update Advisory

Next Post

IBM family of products (IBM Cloud Object System, IBM Cloud Pak System, etc.) security update advisory