vuln disclosure
Fortinet FortiSIEM OS Command Injection Vulnerability (CVE-2024-23108)CVE-2024-23108
A critical OS command injection vulnerability (CVE-2024-23108) in Fortinet FortiSIEM allows unauthenticated remote attackers to execute arbitrary commands via crafted API requests. Public proof-of-concept exploits are available, and the vulnerability has a CVSS score of 10.0. Fortinet has released patches in versions 6.4.3, 6.5.2, 6.6.4, 6.7.6, and 7.0.1 or later.