CVE-2024-23109

Summary

CVE-2024-23109 is an OS command injection vulnerability found in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2, affecting various products and models such as 's_hHYP', 'ucqUqm', 'ucqUqn', and others listed in the source text (source: [email protected]). This vulnerability allows attackers to execute unauthorized code or commands by exploiting improperly neutralized special elements used in an OS command via crafted API requests (source: [email protected]). The severity of this vulnerability is rated as critical with a base score of 10 out of 10 (source: [email protected]). To remediate this vulnerability, affected organizations should update their FortiSIEM software to the latest patched version provided by Fortinet (no specific version mentioned in the source text). The potential danger posed by this vulnerability includes unauthorized code execution and potential compromise of the affected systems' integrity and confidentiality (source: [email protected]).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.