image credit: Unsplash

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

February 6, 2024

Fortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution.

Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by unauthenticated attackers, are low in complexity, and require no user interaction to pull off.

In registering the CVE identities for the vulnerabilities, Fortinet linked to its own advisory to provide more information, but the link directs users to an older issue that was addressed in early October 2023.

Read More on The Register