CVE-2024-23109

📊 CVSS 10.0 CRITICAL | EPSS 5.0% | 🎯 0 exploits
📅 Published Feb 5, 2024
📋 Status: Modified

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.

🎯 Affected Products & Systems

7 product configurations affected

📱 Application | Vulnerable | Version: ≥ 6.4.0 ∧ ≤ 6.4.2 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: ≥ 6.5.0 ∧ ≤ 6.5.2 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: ≥ 6.6.0 ∧ ≤ 6.6.3 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: ≥ 6.7.0 ∧ ≤ 6.7.8 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: ≥ 7.0.0 ∧ ≤ 7.0.2 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: 7.1.0 | CPE: cpe:2.3:a:fortinet:fortisiem:7.1.0:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: 7.1.1 | CPE: cpe:2.3:a:fortinet:fortisiem:7.1.1:*:*:*:*:*:*:*
Metrics
10.0 CRITICAL CVSS v3.1 [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges: NONE
User Interaction: NONE
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
Scope: CHANGED

🔍 Technical Details

Analysis Status: Modified
CVSS Details: 10.0 (CRITICAL) v3.1
EPSS Details: 5.0% (Minimal), 89.2th percentile (exploitation probability within 30 days; last updated Oct 31, 2025)
Published Date: Feb 5, 2024 (1 year ago)
Last Modified: Nov 21, 2024 (11 months ago)
Security Weaknesses: 2
References: 2