Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in FortiSIEM
Alerts

Critical Vulnerabilities in FortiSIEM

30 May 2024

Fortinet has released updates addressing critical vulnerabilities (CVE-2024-23108 and CVE-2024-23109) affecting their FortiSIEM products. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Successful exploitation of the remote code execution vulnerabilities in FortiSIEM could allow an unauthenticated attacker to perform remote code execution via specially crafted Application Programming Interface (API) requests.

The vulnerabilities affect the following product versions:

  • FortiSIEM version 7.1.0 through 7.1.1

  • FortiSIEM version 7.0.0 through 7.0.2

  • FortiSIEM version 6.7.0 through 6.7.8

  • FortiSIEM version 6.6.0 through 6.6.3

  • FortiSIEM version 6.5.0 through 6.5.2

  • FortiSIEM version 6.4.0 through 6.4.2

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here:

https://www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/

https://www.fortiguard.com/psirt/FG-IR-23-130

Back to top