Two New FortiSIEM Max-severity Flaw Let Attackers Execute Remote Code

FortiSIEM has been discovered with multiple OS command injection vulnerabilities, which could allow an unauthenticated remote threat actor to execute unauthorized commands on FortiSIEM via crafted API requests. The CVEs for these vulnerabilities have been assigned with CVE-2024-23108 and CVE-2024-23109. The severity of these vulnerabilities was given as critical (>=9.8). However, Fortiguard has fixed all […]

The post Two New FortiSIEM Max-severity Flaw Let Attackers Execute Remote Code appeared first on Cyber Security News.

actor api attackers code command command injection critical cve cves cyber security execute remote code flaw fortisiem injection os command remote code requests severity threat threat actor unauthenticated unauthorized vulnerabilities vulnerability