CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-23108: An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and...

10.0 CVSS

Description

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.

Classification

CVE ID: CVE-2024-23108

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem Types

Execute unauthorized code or commands

Affected Products

Vendor: Fortinet

Product: FortiSIEM

Exploit Prediction Scoring System (EPSS)

EPSS Score: 89.79% (probability of being exploited)

EPSS Percentile: 99.53% (scored less or equal to compared to others)

EPSS Date: 2025-05-23 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23108
https://fortiguard.com/psirt/FG-IR-23-130

Timeline

2025-04-24 16:40:15 UTC
CVE

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and...