Multiple remote unauthenticated os command injection

Multiple remote unauthenticated os command injection Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-130 Final 1 1 2023-10-10T00:00:00 Current version 2023-10-10T00:00:00 2024-01-31T00:00:00 Multiple improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM supervisor may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests. None Execute unauthorized code or commands FortiSIEM version 7.1.0 through 7.1.1FortiSIEM version 7.0.0 through 7.0.2FortiSIEM version 6.7.0 through 6.7.8FortiSIEM version 6.6.0 through 6.6.3FortiSIEM version 6.5.0 through 6.5.2FortiSIEM version 6.4.0 through 6.4.3FortiSIEM 6.3 all versions are not affectedFortiSIEM 6.2 all versions are not affectedFortiSIEM 6.1 all versions are not affectedFortiSIEM 5.4 all versions are not affectedFortiSIEM 5.3 all versions are not affected Please upgrade to FortiSIEM version 7.1.2 or above Please upgrade to FortiSIEM version 7.0.3 or abovePlease upgrade to FortiSIEM version 6.7.9 or abovePlease upgrade to FortiSIEM version 6.6.4 or abovePlease upgrade to FortiSIEM version 6.5.3 or abovePlease upgrade to FortiSIEM version 6.4.4 or abovePlease upgrade to upcoming FortiSIEM version 7.2.0 or above Fortinet is pleased to thank security researchers Zach Hanley (@hacks_zach) of Horizon3.ai for discovering and reporting this vulnerability under responsible disclosure. FortiSIEM 7.1.1 FortiSIEM 7.1.0 FortiSIEM 7.0.2 FortiSIEM 7.0.1 FortiSIEM 7.0.0 FortiSIEM 6.7.8 FortiSIEM 6.7.7 FortiSIEM 6.7.6 FortiSIEM 6.7.5 FortiSIEM 6.7.4 FortiSIEM 6.7.3 FortiSIEM 6.7.2 FortiSIEM 6.7.1 FortiSIEM 6.7.0 FortiSIEM 6.6.3 FortiSIEM 6.6.2 FortiSIEM 6.6.1 FortiSIEM 6.6.0 FortiSIEM 6.5.2 FortiSIEM 6.5.1 FortiSIEM 6.5.0 FortiSIEM 6.4.3 FortiSIEM 6.4.2 FortiSIEM 6.4.1 FortiSIEM 6.4.0 Multiple remote unauthenticated os command injection CVE-2023-34992 CVE-2024-23108 CVE-2024-23109 FortiSIEM-7.1.1 FortiSIEM-7.1.0 FortiSIEM-7.0.2 FortiSIEM-7.0.1 FortiSIEM-7.0.0 FortiSIEM-6.7.8 FortiSIEM-6.7.7 FortiSIEM-6.7.6 FortiSIEM-6.7.5 FortiSIEM-6.7.4 FortiSIEM-6.7.3 FortiSIEM-6.7.2 FortiSIEM-6.7.1 FortiSIEM-6.7.0 FortiSIEM-6.6.3 FortiSIEM-6.6.2 FortiSIEM-6.6.1 FortiSIEM-6.6.0 FortiSIEM-6.5.2 FortiSIEM-6.5.1 FortiSIEM-6.5.0 FortiSIEM-6.4.3 FortiSIEM-6.4.2 FortiSIEM-6.4.1 FortiSIEM-6.4.0 9.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-23-130 Multiple remote unauthenticated os command injection Reference>