CVSS 3.1 Score 10.0 of 10 (high)


Published Feb 5, 2024
Updated: Feb 7, 2024


CVE-2024-23109 is an OS command injection vulnerability found in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2, affecting various products and models such as 's_hHYP', 'ucqUqm', 'ucqUqn', and others listed in the source text (source: [email protected]). This vulnerability allows attackers to execute unauthorized code or commands by exploiting improperly neutralized special elements used in an OS command via crafted API requests (source: [email protected]). The severity of this vulnerability is rated as critical with a base score of 10 out of 10 (source: [email protected]). To remediate this vulnerability, affected organizations should update their FortiSIEM software to the latest patched version provided by Fortinet (no specific version mentioned in the source text). The potential danger posed by this vulnerability includes unauthorized code execution and potential compromise of the affected systems' integrity and confidentiality (source: [email protected]).

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23109 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options