PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it aggregates logs and correlates information for threat detection and hunting, and allows automated response and remediation. CVE-2024-23108 and CVE-2024-23109 are OS command injection vulnerabilities in the FortiSIEM supervisor and can be exploited remotely, without authentication, with specially … More →

The post …

assets build command concept critical customers cve cve-2024 detection don't miss enterprise exploit exploits flaws fortinet fortisiem horizon3 horizon3.ai hot stuff hunting information inventory logs organization poc proof proof-of-concept root threat threat detection unauthenticated vulnerabilities vulnerability