Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

March 14, 2024 at 01:21AM

Fortinet warns of a critical flaw (CVE-2023-48788, CVSS score 9.3) in FortiClientEMS, along with two other bugs in FortiOS and FortiProxy. Exploitation could result in unauthorized code execution. Upgrade affected versions as per the advisory. There is no current active exploitation, but immediate patching is crucial given prior abuse of unpatched Fortinet appliances by threat actors.

Key Takeaways from Meeting Notes:

1. Fortinet has issued a warning about a critical security flaw affecting the FortiClientEMS software, which could potentially allow attackers to execute unauthorized code or commands through specially crafted requests.
2. The identified vulnerability, tracked as CVE-2023-48788, has a CVSS rating of 9.3 out of 10.
3. The impacted versions of FortiClientEMS are 7.2.0 through 7.2.2 (requiring an upgrade to 7.2.3 or above) and 7.0.1 through 7.0.10 (requiring an upgrade to 7.0.11 or above).
4. Horizon3.ai is planning to release additional technical details and a proof-of-concept (PoC) exploit for the vulnerability next week.
5. The flaw was discovered and reported by Thiago Santana from the FortiClientEMS development team and the U.K. National Cyber Security Centre (NCSC).
6. Fortinet has also addressed two other critical bugs in FortiOS and FortiProxy (CVE-2023-42789 and CVE-2023-42790) and provided the necessary upgrades for the affected versions.
7. It is essential for users to promptly apply the updates, given the history of threat actor abuse of unpatched Fortinet appliances, even though there is currently no evidence of active exploitation of these flaws.
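To turn the version ranges in takeaway 3 into a quick inventory check, here is an added example (not Fortinet's tooling or code from the article) that compares FortiClientEMS version strings numerically against the affected ranges listed above; the host names and versions in the sample inventory are constructed, and the ranges should be confirmed against Fortinet's own advisory before use.

```python
"""Flag FortiClientEMS builds that fall in the version ranges the article
lists as affected by CVE-2023-48788 (example code added here)."""
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# (first affected, last affected, minimum fixed) as stated in the article.
# Both ends of each range are inclusive.
AFFECTED_RANGES = [
    ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
    ((7, 0, 1), (7, 0, 10), (7, 0, 11)),
]


def parse_version(text: str) -> Version:
    """Turn '7.0.10' into (7, 0, 10) so comparisons are numeric.

    A plain string compare would rank '7.0.10' below '7.0.9'. Only the
    first three dotted components are kept, so a build suffix such as
    '7.0.10.1234' is treated as 7.0.10 (conservative for triage)."""
    parts = text.strip().split(".")[:3]
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def check_version(text: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, minimum fixed version) for one version string."""
    v = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return True, ".".join(map(str, fixed))
    return False, None


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[str, bool, Optional[str]]]:
    """Map host -> (version, affected, fix) for a host->version inventory."""
    return {host: (ver, *check_version(ver)) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = {"ems-01": "7.0.10", "ems-02": "7.2.3", "ems-03": "7.0.1", "ems-04": "7.2.2"}
    for host, (ver, hit, fix) in triage(sample).items():
        status = f"AFFECTED, upgrade to {fix} or later" if hit else "not in an affected range"
        print(f"{host:8} {ver:8} {status}")
```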

These takeaways highlight the critical nature of the security vulnerabilities and the importance of applying the recommended upgrades to ensure system security and protect against potential exploitation.
