- Description
- An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests.
- Source
- psirt@fortinet.com
- NVD status
- Modified
- Products
- fortisiem
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@fortinet.com
- CWE-78
- Hype score
- Not currently trending
csirt_it: 📷#Fortinet: active exploitation in the wild of CVE-2024-23108 detected https://t.co/xsgw9IDM5q https://t.co/taZyOHddhj
@Vulcanux_
19 Jan 2026
🚨 CVE-2024-23108 - critical 🚨 Fortinet FortiSIEM - OS Command Injection > FortiSIEM versions 6.4.0 through 7.1.1 contain an OS command injection vulnerability ... 👾 https://t.co/pWINvgb2em @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
29 Oct 2025
🚨 ALERT: Fortinet Under Fire 🚨 Leaked KeyPlug APT server exposed elite tools targeting Fortinet firewalls & VPNs—brief window, massive insight. 🧠 Scripts abusing CVE-2024-23108/09 🔓 Bypass via spoofed local headers 🕵️ Recon on Shiseido = high-value target 💥 Webshells, z
@CareWeDoNot
18 Apr 2025
Actively exploited CVE : CVE-2024-23108
@transilienceai
11 Mar 2025
pews pews coming from 45.93.20.128 Usage of BruteRatel mass_exploit scripts CVE-2023-26360 CVE-2024-21683 CVE-2024-23108 CVE-2024-29895 CVE-2024-29895 credits: @learntocatch https://t.co/gV5QpvVekv
@banthisguy9349
25 Oct 2024
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "23FA8F49-E85A-402F-91CF-293EF5C60B29",
            "versionEndIncluding": "6.4.2",
            "versionStartIncluding": "6.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CE42081E-AF1E-4FEB-9570-324A7FB8A9A6",
            "versionEndIncluding": "6.5.2",
            "versionStartIncluding": "6.5.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "EB301503-0ECB-4D21-B341-ACF0F302CF85",
            "versionEndIncluding": "6.6.3",
            "versionStartIncluding": "6.6.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "71C5093F-7D96-46B5-8DF7-068877E71F67",
            "versionEndIncluding": "6.7.8",
            "versionStartIncluding": "6.7.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AFE7DE50-FC7B-4F64-8324-F6BF302B4667",
            "versionEndIncluding": "7.0.2",
            "versionStartIncluding": "7.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:7.1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "3C9E32B0-8C95-40D7-B31F-54626D1F7AFE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:7.1.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "0016873D-3247-4B9A-9519-46C88EEBB3BF",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]