Hackers Actively Exploiting Critical Fortinet FortiSIEM Vulnerability (CVE-2024-23108)

Attackers are actively exploiting a critical vulnerability in Fortinet FortiSIEM, identified as CVE-2024-23108 (CVSS score 10.0), which allows unauthenticated remote code execution. A proof-of-concept (PoC) exploit has been publicly available since late May 2024. The flaw affects versions 6.4.0 to 7.1.1 of the product. Fortinet released patches in February 2024, but unpatched systems remain at risk. Ongoing attacks are targeting vulnerable infrastructures, with no specific geographic details provided. No specific impact (such as data exfiltration or ransomware deployment) has been detailed in the article.