FortiClient Endpoint Management Server (EMS) SQL Injection Vulnerability (CVE-2023-48788)

Fortinet addressed a critical severity vulnerability impacting the FortiClient Enterprise Management Server. Tracked as CVE-2023-48788, the vulnerability may allow an attacker to achieve code execution on affected systems. The vulnerability has been given a CVSS score of 9.3.

Acknowledging its active exploitation, CISA has added CVE-2023-48788 to its Known Exploited Vulnerabilities Catalog and requested users to patch it before April 15, 2024.

FortiClient Endpoint Management Server (FortiClient EMS) is a security management solution that allows users to manage multiple endpoints (computers) in a centralized and scalable manner. It provides visibility across the network and enables users to assign security profiles to endpoints, manage devices automatically, and troubleshoot FortiClient EMS.

Vulnerability Description

This improper neutralization of special elements used in an SQL Command vulnerability in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.

Affected Versions

  • FortiClientEMS 7.2.0 through 7.2.2
  • FortiClientEMS 7.0.1 through 7.0.10

Mitigation

Customers are advised to upgrade to the following versions to patch the vulnerability:

  • FortiClient EMS 7.2.3 or above
  • FortiClient EMS 7.0.11 or above

Please refer to the Fortinet PSIRT Advisory (FG-IR-24-007) for more information.
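As an added example (not code from the Fortinet advisory or from this page's author), the following Python triages inventoried FortiClient EMS version strings against the affected ranges and fixed releases listed above. The hostnames and versions in the sample inventory are constructed, and a version outside the listed ranges is reported only as "not in a listed affected range", not as safe.

```python
# Added example: triage FortiClient EMS versions for CVE-2023-48788.
# Ranges and fixed releases below are taken from the advisory text above.
from typing import Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed release)
AFFECTED_RANGES = [
    ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
    ((7, 0, 1), (7, 0, 10), (7, 0, 11)),
]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch'; a trailing build suffix such as
    '7.2.2-build1234' (constructed format assumption) is ignored."""
    core = text.strip().split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiClient EMS version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(text: str) -> dict:
    """Report whether a version falls in a listed affected range and,
    if so, the first release that carries the fix."""
    v = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:  # tuple comparison is lexicographic
            return {"version": v, "affected": True, "upgrade_to": fixed}
    return {"version": v, "affected": False, "upgrade_to": None}


def triage(inventory: dict) -> list:
    """Given {hostname: version_string}, list hosts that need action,
    including hosts whose version string could not be parsed."""
    findings = []
    for host, ver in inventory.items():
        try:
            result = assess(ver)
        except ValueError as exc:
            findings.append((host, ver, f"unparseable: {exc}"))
            continue
        if result["affected"]:
            findings.append((host, ver, "upgrade to %d.%d.%d" % result["upgrade_to"]))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ems-prod-01": "7.2.2",
    "ems-prod-02": "7.2.3",
    "ems-lab": "7.0.10-build0362",
    "ems-old": "7.0.0",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(*finding)
```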

Qualys Detection

Qualys customers can scan their devices with QID 379512 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://fortiguard.fortinet.com/psirt/FG-IR-24-007
