CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive

In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues were discovered during this audit that ultimately led to unauthenticated remote code execution in the context of the root user. The vulnerabilities were assigned CVE-2023-34992 with a CVSS 3.0 score of 10.0, given that the access allowed reading of secrets for integrated systems, allowing for pivoting into those systems.

FortiSIEM Overview

The FortiSIEM allows customers to do many of the expected functions of a typical SIEM solution, such as log collection, correlation, automated response, and remediation. It also allows for simple and complex deployments, ranging from a standalone appliance to scaled-out solutions for enterprises and MSPs.

Figure 1. Example Deployment

In a FortiSIEM deployment, there are four types of roles that a system can have:

● Supervisor – for smaller deployments this is all that’s needed, and it supervises the other roles
● Worker – handles all the data coming from Collectors in larger environments
● Collector – used to scale data collection from various geographically separated network environments, potentially behind firewalls
● Manager – can be used to monitor and manage multiple FortiSIEM instances

For the purposes of […]

The post CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive appeared first on Horizon3.ai.
