CVE-2024-23108 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2024-23108?

CVE-2024-23108 has a CVSS score of 10.0 (CRITICAL). This CVE describes an OS command injection vulnerability in Fortinet products that allows attackers to execute arbitrary commands via crafted API requests. Attackers can achieve remote code execution with the privileges of the vulnerable service. Organizations using affected Fortinet products are at risk.

📋 TL;DR

This CVE describes an OS command injection vulnerability in Fortinet products that allows attackers to execute arbitrary commands via crafted API requests. Attackers can achieve remote code execution with the privileges of the vulnerable service. Organizations using affected Fortinet products are at risk.

💻 Affected Systems

Products:

Fortinet FortiOS
Fortinet FortiProxy

Versions: FortiOS 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17; FortiProxy 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14

Operating Systems: FortiOS (custom OS)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects both physical and virtual appliances. Requires API access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to data exfiltration, lateral movement, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Unauthorized command execution leading to configuration changes, credential harvesting, or initial foothold for further attacks.

🟢

If Mitigated

Limited impact due to network segmentation, API access restrictions, and proper authentication controls.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires valid API credentials. Public proof-of-concept available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiOS 7.4.3, 7.2.7, 7.0.14, 6.4.15, 6.2.16, 6.0.18; FortiProxy 7.4.3, 7.2.9, 7.0.15

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-23-130

Restart Required: Yes

Instructions:

1. Download appropriate firmware version from Fortinet support portal. 2. Backup configuration. 3. Apply firmware update via GUI or CLI. 4. Reboot device. 5. Verify update success.

🔧 Temporary Workarounds

Restrict API Access

all

Limit API access to trusted IP addresses only

config system api-user
edit <user>
set trusthost <trusted_ip>
end

Disable Unused APIs

all

Disable API endpoints not required for operations

config system api-user
edit <user>
set accprofile <restricted_profile>
end

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices
Enable API authentication with strong credentials and MFA where possible

🔍 How to Verify

Check if Vulnerable:

Check FortiOS/FortiProxy version via CLI: get system status | grep Version

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify version is patched: get system status | grep Version and confirm version >= patched versions

📡 Detection & Monitoring

Log Indicators:

Unusual API requests with command injection patterns
Multiple failed API authentication attempts followed by successful exploitation
Execution of unexpected system commands

Network Indicators:

Unusual outbound connections from Fortinet devices
Traffic to unexpected destinations

SIEM Query:

source="fortigate" AND ("api" AND ("exec" OR "system" OR "command"))

📊 Metadata

CVE ID: CVE-2024-23108

CVSS v3 Score: 10.0 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-78

Published: February 5, 2024

Last Updated: January 14, 2026

🔗 References

https://fortiguard.com/psirt/FG-IR-23-130 Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-130 Vendor Advisory
https://github.com/horizon3ai/CVE-2024-23108

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-23108, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict API Access

Disable Unused APIs

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities