Horizon3.ai Publishes Fortinet FortiSIEM Command Injection Deep-Dive & Exploit POC
Horizon3.ai Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published "CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive", with indicators of compromise and a link to the team’s proof-of-concept exploit on GitHub, which blindly executes commands as root on vulnerable FortiSIEM appliances.
Hanley said: “Several issues were discovered during this audit that ultimately lead to unauthenticated remote code execution in the context of the root user. The vulnerabilities were assigned CVE-2023-34992 with a CVSS3.0 score of 10.0 given that the access allowed reading of secrets for integrated systems, allowing for pivoting into those systems.”
FortiSIEM is Fortinet’s security information and event management (SIEM) product with user and entity behavior analytics (UEBA). It offers the functionality typical of SIEM solutions, such as log collection, correlation, automated response, and remediation. It also allows for simple and complex deployments, ranging from a standalone appliance to scaled-out solutions for enterprises and MSPs.
This entry was posted on May 20, 2024 at 11:08 am and is filed under Commentary with tags horizon3.ai.