Fortinet’s Epic Fail: New Exploit Unleashes Chaos on Unpatched Systems

Security researchers have released a proof-of-concept exploit for a maximum-severity vulnerability in Fortinet’s SIEM solution. Tracked as CVE-2024-23108, this flaw allows unauthenticated remote command execution as root. Fortinet initially denied that the CVEs were real, then confirmed them as variants of a previously fixed vulnerability.

Hot Take:

Fortinet’s SIEM vulnerability is like leaving your front door wide open with a sign that says “Free WiFi Inside!”—except instead of free WiFi, you’re offering hackers a free pass to all your sensitive data. Oops!

Key Points:

  • CVE-2024-23108 is an OS command injection vulnerability in Fortinet’s FortiSIEM.
  • The flaw allows remote command execution as root, with no authentication required.
  • Fortinet initially denied the existence of these CVEs, attributing them to a “system-level error.”
  • Horizon3 released a proof-of-concept exploit for this vulnerability, making it easier for attackers to exploit unpatched systems.
  • Fortinet vulnerabilities are commonly targeted in ransomware and cyber espionage attacks.

Oops, We Did It Again

Security researchers have thrown the proverbial pie in Fortinet’s face by releasing a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet’s security information and event management (SIEM) solution. Known as CVE-2024-23108, this OS command injection vulnerability allows remote command execution as root without needing so much as a password. That’s right, folks—your fortresses are wide open!

Denied, Denied, and Denied Again

Initially, Fortinet was in full-on denial mode, claiming the new CVEs were just duplicates of a previously fixed flaw (CVE-2023-34992). They chalked the disclosures up to a “system-level error” caused by an API glitch. But, as it turns out, these CVEs were as real as your morning coffee spill. Eventually, Fortinet confirmed that they were indeed variants of the original vulnerability, meaning the 2023 fix alone does not close them.

Patch It Like It’s Hot

Despite the initial denial, Fortinet did patch the flaw back in February. Three months later, Horizon3 shared a PoC exploit and a technical deep-dive, effectively throwing a wrench into Fortinet’s patch-and-forget strategy. According to Zach Hanley from Horizon3, the earlier fix escaped user-controlled input by introducing the wrapShellToken() utility, but that only protected the first shell command: certain parameters were passed on to datastore.py, which built another command from them, so a second-order command injection was still possible. Talk about slipping on a banana peel! The practical takeaway is that an appliance patched only for CVE-2023-34992 is still exposed; the February update is the one that matters.
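To make the “second-order” part concrete, here is an added, hypothetical example (not Fortinet’s phMonitor or datastore.py code, and the function names, the “--server” parameter and the echo stand-in for the real operation are all assumptions). The first stage quotes the attacker’s value correctly, exactly as a wrapShellToken()-style helper would; the shell strips that quoting when it starts the child, and the child then builds a fresh shell command from the raw value. The hardened variant validates the value and never goes through a shell at all.

```python
"""
Second-order OS command injection, illustrated.
Added example with hypothetical names; not code from FortiSIEM or Horizon3.
"""
import re
import shlex
import subprocess


def stage1_build_cmdline(script: str, server: str) -> str:
    """First stage: wrap every user-controlled token in shell quotes
    (the job the text attributes to wrapShellToken()). Safe on its own."""
    return f"python {shlex.quote(script)} --server {shlex.quote(server)}"


def stage1_argv(cmdline: str) -> list[str]:
    """What the shell hands to the child process. The quoting is consumed
    here, so the child receives the attacker's raw string again."""
    return shlex.split(cmdline)


def stage2_vulnerable(server: str) -> str:
    """Second stage (the helper script): re-interpolates its argument into a
    new shell string. 'echo' stands in for a real mount/copy operation."""
    cmd = f"echo mounting {server}"  # unquoted -> the injection point
    out = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True)
    return out.stdout


# Hostname-shaped values only (assumed policy for this hypothetical parameter).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def is_valid_server(server: str) -> bool:
    """Allow-list check: shell metacharacters never pass."""
    return HOSTNAME_RE.fullmatch(server) is not None


def stage2_hardened(server: str) -> str:
    """Same operation, hardened: validate, then exec with an argv list so no
    shell ever parses the value and metacharacters are inert."""
    if not is_valid_server(server):
        raise ValueError(f"rejected server value: {server!r}")
    out = subprocess.run(["echo", "mounting", server],
                         capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    payload = "nfs1; echo INJECTED"  # constructed attacker input
    line = stage1_build_cmdline("datastore.py", payload)
    print("stage 1 command line:", line)
    argv = stage1_argv(line)
    print("stage 2 receives    :", argv[-1])
    print("vulnerable output   :", stage2_vulnerable(argv[-1]).strip())
    try:
        stage2_hardened(argv[-1])
    except ValueError as err:
        print("hardened            :", err)
```

Running it shows the quoted first-stage line, then the child printing an extra INJECTED line because the semicolon survived into the second command; the hardened path rejects the same value before anything runs. The lesson generalises beyond this CVE: escaping is only meaningful for the one parser it was written for, so every later hop that rebuilds a command needs its own validation or, better, no shell at all.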

Exploit Circus Is in Town

The PoC exploit released by Horizon3 allows anyone who can reach an unpatched FortiSIEM appliance over the network to execute commands on it as root, no credentials required. It’s like handing over the keys to your kingdom to every hacker in town. If that wasn’t enough, Horizon3 also released a PoC exploit for a critical flaw in Fortinet’s FortiClient Enterprise Management Server (EMS) software, which is already being actively exploited in attacks. Double trouble!

Fortinet: A Hacker’s Best Friend?

Fortinet vulnerabilities are a hot commodity in the cybercrime world, often exploited in ransomware and cyber espionage attacks. For instance, Chinese Volt Typhoon hackers recently made headlines by using FortiOS SSL VPN flaws to deploy the Coathanger remote access trojan (RAT). This RAT was also used to backdoor a military network of the Dutch Ministry of Defence. Who knew Fortinet would be such an accidental ally to cybercriminals?
