Vulnerability Details CVE-2024-23108
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.898
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 10.0
References
Products affected by CVE-2024-23108
-
cpe:2.3:a:fortinet:fortisiem:6.4.0
-
cpe:2.3:a:fortinet:fortisiem:6.4.1
-
cpe:2.3:a:fortinet:fortisiem:6.4.2
-
cpe:2.3:a:fortinet:fortisiem:6.5.0
-
cpe:2.3:a:fortinet:fortisiem:6.5.1
-
cpe:2.3:a:fortinet:fortisiem:6.5.2
-
cpe:2.3:a:fortinet:fortisiem:6.6.0
-
cpe:2.3:a:fortinet:fortisiem:6.6.1
-
cpe:2.3:a:fortinet:fortisiem:6.6.2
-
cpe:2.3:a:fortinet:fortisiem:6.6.3
-
cpe:2.3:a:fortinet:fortisiem:6.7.0
-
cpe:2.3:a:fortinet:fortisiem:6.7.1
-
cpe:2.3:a:fortinet:fortisiem:6.7.2
-
cpe:2.3:a:fortinet:fortisiem:6.7.3
-
cpe:2.3:a:fortinet:fortisiem:6.7.4
-
cpe:2.3:a:fortinet:fortisiem:6.7.5
-
cpe:2.3:a:fortinet:fortisiem:6.7.6
-
cpe:2.3:a:fortinet:fortisiem:6.7.7
-
cpe:2.3:a:fortinet:fortisiem:6.7.8
-
cpe:2.3:a:fortinet:fortisiem:7.0.0
-
cpe:2.3:a:fortinet:fortisiem:7.0.1
-
cpe:2.3:a:fortinet:fortisiem:7.0.2
-
cpe:2.3:a:fortinet:fortisiem:7.1.0
-
cpe:2.3:a:fortinet:fortisiem:7.1.1