www.belgium.be Logo of the federal government

WARNING: CRITICAL VULNERABILITY IN FORTINET FORTICLIENTEMS, PATCH IMMEDIATELY!

Reference: 
Advisory #2024-41
Version: 
1.0
Affected software: 
Fortinet FortiClientEMS, version 7.2.0 through 7.2.2
FortiClientEMS, version 7.0.1 through 7.0.10
Type: 
SQL Command Injection
CVE/CVSS: 

CVE-2023-48788: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://fortiguard.fortinet.com/psirt/FG-IR-24-007

Risks

CVE-2023-48788 is a critical vulnerability affecting the FortiClientEMS software that could allow attackers to achieve code execution on affected systems.

Successful exploitation of this vulnerability would highly affect the availability, confidentiality, and integrity.

CVE-2023-48788 is actively exploited in the wild!

Fortinet released security upgrades to address the vulnerability.

Description

According to Fortinet, the CVE-2023-48788 represents an improper neutralization of special elements used in an SQL command (“SQL injection”) and may allow an unauthorized attacker to execute code or commands via specially crafted requests.

The affected versions are:

  • FortiClientEMS version 7.2.0 through 7.2.2
  • FortiClientEMS version 7.0.1 through 7.0.10

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Fortinet FortiClientEMS customers should urgently update to a fixed version.

Version Affected; Fixed versions

  • FortiClientEMS 7.2: 7.2.0 through 7.2.2, upgrade to 7.2.3 or above
  • FortiClientEMS 7.0: 7.0.1 through 7.0.10, upgrade to 7.0.11 or above

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Fortinet: https://fortiguard.fortinet.com/psirt/FG-IR-24-007

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48788