CVE-2024-23108

CVSS 9.7 CRITICAL · EPSS 78.4% · CWE-78
In short

A security flaw in Fortinet FortiSIEM allows attackers to run unauthorized commands on the system by sending specially crafted requests to an API. This is critical because attackers can take complete control of the affected device.

Technical detail

OS command injection vulnerability in Fortinet API endpoints due to improper input sanitization of special characters. Unauthenticated or low-privileged attackers can inject arbitrary shell commands through crafted API requests, leading to remote code execution with system-level privileges.

Summary generated and translated by AI from the official description.
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:X/RC:X
Affected products
Fortinet · FortiSIEM
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
