WARNING: CRITICAL VULNERABILITY IN FORTINET FORTICLIENTEMS, PATCH IMMEDIATELY!
CVE-2023-48788: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
https://fortiguard.fortinet.com/psirt/FG-IR-24-007
Risks
CVE-2023-48788 is a critical vulnerability affecting the FortiClientEMS software that could allow attackers to achieve code execution on affected systems.
Successful exploitation of this vulnerability would highly affect the availability, confidentiality, and integrity.
CVE-2023-48788 is actively exploited in the wild!
Fortinet released security upgrades to address the vulnerability.
Description
According to Fortinet, the CVE-2023-48788 represents an improper neutralization of special elements used in an SQL command (“SQL injection”) and may allow an unauthorized attacker to execute code or commands via specially crafted requests.
The affected versions are:
- FortiClientEMS version 7.2.0 through 7.2.2
- FortiClientEMS version 7.0.1 through 7.0.10
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Fortinet FortiClientEMS customers should urgently update to a fixed version.
Version Affected; Fixed versions
- FortiClientEMS 7.2: 7.2.0 through 7.2.2, upgrade to 7.2.3 or above
- FortiClientEMS 7.0: 7.0.1 through 7.0.10, upgrade to 7.0.11 or above
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
Fortinet: https://fortiguard.fortinet.com/psirt/FG-IR-24-007