Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet’s SIEM solution.
Fortinet added the two new vulnerabilities, tracked as CVE-2024-23108 and CVE-2024-23109, to the original advisory for the CVE-2023-34992 flaw in a very confusing update.
“There is no new vulnerability published for FortiSIEM so far in 2024, this is a system level error and we are working to rectify and withdraw the erroneous entries.”
On X, Zach stated that the new CVEs are patch bypasses for CVE-2023-34992, and the new IDs were assigned to him by Fortinet.
After contacting Fortinet once again, we were told their previous statement was “Misstated” and that the two new CVEs are variants of the original flaw.