{"id":3792,"date":"2024-05-29T13:04:01","date_gmt":"2024-05-29T18:04:01","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/exploit-fortinet-critical-rce-bug-siem-root-access"},"modified":"2024-05-29T13:04:01","modified_gmt":"2024-05-29T18:04:01","slug":"exploit-for-fortinet-critical-rce-bug-allows-siem-root-access","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/29\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access\/","title":{"rendered":"Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blte1070b24fbf6dc63\/659dbf58902244040ace8329\/bugs_Andrii_Yalanskyi_shutterstock.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">A proof-of-concept exploit (PoC) for a critical vulnerability in Fortinet&#8217;s FortiSIEM product has emerged, paving the way for broad exploitation.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The vulnerability, tracked under <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a 
class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/fortinet-fortisiem-hit-with-twin-max-severity-bugs\" rel=\"noopener\">CVE-2024-23108<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, was disclosed and patched in February, along with a related bug, CVE-2024-23109. Both carry the maximum CVSS score of 10 and are unauthenticated command injection flaws: a crafted API request is enough for a threat actor with no credentials to achieve remote code execution (RCE).<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">According to researchers at Horizon3.ai, makers of the NodeZero pentesting platform, the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/github.com\/horizon3ai\/CVE-2024-23108\" rel=\"noopener\">exploit<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> allows users to &#8220;blindly execute commands as root on vulnerable FortiSIEM appliances.&#8221; Because the injection is blind, the attacker sees no command output, so in their PoC the researchers used the exploit to load a <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.horizon3.ai\/attack-research\/disclosures\/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive\/\" rel=\"noopener\">remote-access tool<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> for post-exploitation activities.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">FortiSIEM is Fortinet&#8217;s security information and event management (SIEM) platform, used by enterprise security operations centers to collect and analyze logs from across the environment. A root-level compromise therefore offers a significant beachhead for further incursions into the corporate network, and it hands the attacker control of the very telemetry defenders rely on to spot them.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">FortiSIEM versions affected by the flaws are 7.1.0 through 7.1.1; 7.0.0 through 7.0.2; 6.7.0 through 6.7.8; 6.6.0 through 6.6.3; 6.5.0 through 6.5.2; and 6.4.0 through 6.4.2. With a public PoC now available, users running any of these releases should upgrade to a fixed build immediately.<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/exploit-fortinet-critical-rce-bug-siem-root-access\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A proof-of-concept exploit (PoC) for a critical vulnerability in 
Fortinet&#8217;s<\/p>\n","protected":false},"author":12,"featured_media":3793,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-3792","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?fit=1000%2C631&ssl=1",1000,631,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?fit=300%2C189&ssl=1",300,189,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?fit=640%2C404&ssl=1",640,404,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?fit=640%2C404&ssl=1",640,404,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?fit=1000%2C631&ssl=1",1000,631,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?fit=1000%2C631&ssl=1",1000,631,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?fit=1000%2C631&ssl=1",1000,631,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-con
tent\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/exploit-for-fortinet-critical-rce-bug-allows-siem-root-access.jpg?fit=1000%2C631&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3792"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3792\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/3793"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3792"}],"curies":[{"name":"wp","href":"https:\/\/api.w
.org\/{rel}","templated":true}]}}
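The article's affected-version list is the one concrete check a defender can run against an appliance inventory. The script below is an added example, not code from Dark Reading, Fortinet or Horizon3.ai: it encodes the six affected ranges exactly as the article states them and classifies version strings against them. The function names and the sample inventory are constructed for illustration. Because the article does not name the fixed builds, a version outside the listed ranges is reported as "not in a listed affected range" rather than as confirmed safe, and a version match says nothing about whether the box has already been exploited.

```python
# Added example (not from the Dark Reading article, Fortinet or Horizon3.ai).
# Classifies FortiSIEM version strings against the affected ranges the
# article lists for CVE-2024-23108 / CVE-2024-23109. Ranges come from the
# article; function names and sample data are constructed for illustration.
import re
from typing import List, Tuple

Version = Tuple[int, ...]

# (first affected, last affected), inclusive, one entry per release branch,
# as listed in the article.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("7.1.0", "7.1.1"),
    ("7.0.0", "7.0.2"),
    ("6.7.0", "6.7.8"),
    ("6.6.0", "6.6.3"),
    ("6.5.0", "6.5.2"),
    ("6.4.0", "6.4.2"),
]


def parse_version(text: str) -> Version:
    """Extract the first x.y.z triple from a banner such as
    'FortiSIEM 6.7.8 build 1234' and return it as a comparable tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_listed_affected(version_text: str) -> bool:
    """True if the version falls inside any range the article lists.
    False means 'not in a listed range', not 'known fixed': the article
    does not give the fixed builds, so confirm against the vendor advisory."""
    v = parse_version(version_text)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Map (hostname, version banner) pairs to (host, banner, verdict)."""
    out = []
    for host, banner in inventory:
        try:
            if is_listed_affected(banner):
                verdict = "AFFECTED: upgrade now, public PoC exists"
            else:
                verdict = "not in a listed affected range"
        except ValueError as exc:
            verdict = f"unparsed ({exc})"
        out.append((host, banner, verdict))
    return out


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and banners are made up.
    sample = [
        ("siem-prod-01", "FortiSIEM 7.1.1 build 0120"),
        ("siem-prod-02", "7.1.2"),
        ("siem-lab", "6.7.8"),
        ("siem-old", "6.3.9"),
        ("siem-unknown", "n/a"),
    ]
    for host, banner, verdict in triage(sample):
        print(f"{host:14} {banner:28} {verdict}")
```

Feed it whatever your asset inventory or a scripted login banner gives you; the regex tolerates surrounding text such as build numbers. Treat the output as a patch-priority list only: with a root-level, unauthenticated RCE and a public PoC, any host the script flags also deserves a forensic look rather than just an upgrade.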