FortiClientEMS SQL Injection Vulnerability Allows Unauthorized Code Execution

CVE-2023-48788

9.3CRITICAL

Key Information

Vendor: Fortinet
Status: Forticlientems
Vendor: CVE Published:; 12 March 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC🟡 EPSS 71%📰 News Worthy

Summary

The FortiClientEMS software by Fortinet has been found to have a critical SQL Injection vulnerability, tracked as CVE-2023-48788, which allows attackers to execute unauthorized code or commands via specially crafted requests. The vulnerability has a high severity rating and affects versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10, but patches are available for these versions. The company has also fixed two other critical bugs in FortiOS and FortiProxy, which also allow for unauthorized code execution. While there is no evidence of active exploitation, it is crucial for users to apply the updates as unpatched Fortinet appliances have been repeatedly abused by threat actors.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-48788 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

FortiClientEMS <= 7.2.2

FortiClientEMS <= 7.0.10

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-48788
Created by horizon3ai

News Articles

Risky Biz

CVE-2023-48788

Risky Biz News: The Linux CNA mess

In other news: TikTok zero-day used to hack high-profile accounts; mysterious new APT targets China; Hungary's ruling party boycotts Russian hack investigation.

6 months ago