Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

26-Mar-24

The vulnerability affecting the enterprise endpoint management solution has been described as a critical SQL injection bug that can be exploited by an unauthenticated attacker to execute arbitrary code or commands using specially crafted requests.

Fortinet disclosed the vulnerability on February 22, when it announced that patches are included in FortiClient EMS versions 7.0.11, 7.2.3 and later.

The UK’s National Cyber Security Centre (NCSC) and a Fortinet employee have been credited for discovering CVE-2023-48788.

On March 21, cybersecurity firm Horizon3.ai disclosed technical details of the vulnerability and published a proof-of-concept (PoC) exploit.

CISA added CVE-2023-48788 to its Known Exploited Vulnerabilities (KEV) catalog on Monday, urging organizations to install patches or implement mitigations as soon as possible.
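As an added example (not code from the article or from Fortinet), a small Python triage helper that flags FortiClient EMS installations still below the patched versions the article names (7.0.11 for the 7.0 branch, 7.2.3 for the 7.2 branch). The branch map, the tolerated version-string format and the sample inventory are assumptions; branches the article does not mention are reported as unknown rather than guessed, so they can be checked against the vendor advisory.

```python
from typing import Dict, List, Tuple

# Fixed versions named in the article; each branch is patched at this
# version and later. Other branches are deliberately absent (assumption:
# verify them against the Fortinet advisory instead of guessing).
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (7, 0): (7, 0, 11),
    (7, 2): (7, 2, 3),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch'; build suffixes such as '-build0123' or
    ' build 0123' are ignored (assumed format, not vendor-documented here)."""
    core = text.strip().split()[0].split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised FortiClient EMS version: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])


def ems_status(version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for CVE-2023-48788."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get((v[0], v[1]))
    if fixed is None:
        return "unknown"          # branch not covered by the article
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by status so vulnerable EMS servers can be prioritised."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, ver in inventory.items():
        result[ems_status(ver)].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts or real version data.
    sample = {
        "ems-01": "7.0.10",
        "ems-02": "7.2.3",
        "ems-03": "7.0.12-build0123",
        "ems-04": "7.4.0",
    }
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```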
