Fortinet has addressed a critical SQL injection vulnerability in its endpoint management software, potentially enabling remote code execution (RCE) on targeted servers.
CVE-2023-48788 affects FortiClientEMS versions 7.0.1 to 7.0.10 and 7.2.0 to 7.2.2. Discovered jointly by Fortinet and the UK’s National Cyber Security Centre (NCSC), the vulnerability lies in the DB2 Administration Server (DAS) component of the product. The flaw is an improper neutralization of special elements used in SQL commands (‘SQL Injection’), classified under CWE-89. Exploiting it could allow an unauthenticated attacker to execute unauthorized code or commands through specially crafted requests.
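The weakness class behind CVE-2023-48788 (CWE-89) is easiest to see side by side: a query built by splicing untrusted text into the SQL string, and the same query with the value bound as a parameter. The following is an added illustration written for this article; it is not FortiClientEMS or DAS code, and the in-memory SQLite table, the `endpoints` schema and the `lookup_*` function names are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table; nothing here comes from the product."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE endpoints (id INTEGER PRIMARY KEY, hostname TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO endpoints (hostname, owner) VALUES (?, ?)",
        [("ws-01", "alice"), ("ws-02", "bob"), ("srv-01", "svc")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, hostname):
    """CWE-89 pattern: the caller-supplied value becomes part of the SQL text.

    Any quote character in `hostname` changes the statement's structure, so a
    request can widen the WHERE clause or append further SQL.
    """
    sql = f"SELECT hostname FROM endpoints WHERE hostname = '{hostname}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, hostname):
    """Hardened form: the value is bound to a placeholder and is never parsed as SQL."""
    sql = "SELECT hostname FROM endpoints WHERE hostname = ?"
    return [row[0] for row in conn.execute(sql, (hostname,))]


def result_widened(conn, hostname):
    """Defensive check: True if the concatenating version returns more rows than
    the bound version for the same input, i.e. the input altered the query."""
    return len(lookup_vulnerable(conn, hostname)) > len(lookup_parameterized(conn, hostname))


if __name__ == "__main__":
    db = make_db()
    print(lookup_parameterized(db, "ws-01"))        # ['ws-01']
    print(result_widened(db, "ws-01"))              # False
    print(result_widened(db, "x' OR '1'='1"))       # True: the quote broke out of the literal
```

The `result_widened` helper is the point for defenders: with a bound parameter the input `x' OR '1'='1` simply matches no hostname, whereas the concatenated form returns every row because the quote character terminated the literal. Patching to the fixed FortiClientEMS versions is the remediation for the real product; this example only shows why the CWE-89 class is severe enough to reach code execution when the database component exposes further capabilities.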
Additionally, Fortinet has released updates to address a high-severity CSV injection bug (CVE-2023-47534) in FortiClientEMS. This vulnerability, an improper neutralization of formula elements in a CSV file (CWE-1236), could allow remote, unauthenticated attackers to execute arbitrary commands on the admin workstation by creating malicious log entries through crafted requests to the server, which are later exported and opened in a spreadsheet application.
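CWE-1236 is a weakness of the export path rather than the server itself: a log field that begins with a formula trigger character (`=`, `+`, `-`, `@`, tab or carriage return) is evaluated by a spreadsheet when the CSV is opened. The following added example, written for this article and not taken from FortiClientEMS, shows the standard neutralization (prefixing such cells with an apostrophe and quoting every field) and a scanner that flags unneutralized cells in an existing export. The `export_log_csv` and `find_formula_cells` names and the sample log rows are constructed.

```python
import csv
import io

# Characters a spreadsheet treats as the start of a formula or a field break.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the cell text with any leading formula trigger defused.

    A leading apostrophe makes Excel/LibreOffice/Sheets keep the cell as literal
    text. Trade-off: legitimate negative numbers such as "-5" are also prefixed,
    so numeric columns should be written as numbers, not free text, upstream.
    """
    text = str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_log_csv(rows, fieldnames):
    """Serialize log rows to CSV with every cell neutralized and quoted.

    QUOTE_ALL also escapes embedded double quotes and separators, so a crafted
    log message cannot spill into neighbouring cells.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL, lineterminator="\n"
    )
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize_cell(row.get(k, "")) for k in fieldnames})
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Audit an existing CSV export: list (row, column) of cells a spreadsheet
    would evaluate. Useful as a check on exports produced before a fix."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c))
    return hits


if __name__ == "__main__":
    # Constructed sample log entries; the second message is formula-shaped.
    sample_rows = [
        {"host": "ws-01", "message": "login ok"},
        {"host": "ws-02", "message": "=SUM(1,2)"},
    ]
    unsafe = "host,message\nws-01,login ok\nws-02,=SUM(1,2)\n"
    print(find_formula_cells(unsafe))                              # [(2, 1)]
    safe = export_log_csv(sample_rows, ["host", "message"])
    print(safe)
    print(find_formula_cells(safe))                                # []
```

Running `find_formula_cells` over CSVs already exported from an unpatched system is a cheap way to decide whether any admin workstation opened a file containing evaluable cells; the fix for the product itself is the vendor update, and the export-side neutralization above is the generic defence for any application that writes user-influenced text into CSV.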