Fortinet FortiClient EMS SQL Injection Vulnerability

Added March 25, 2024 • Due April 15, 2024 • CVE-2023-48788

Overdue Fortinet / FortiClient EMS Known Ransomware Use CWE-89

Description

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://www.fortiguard.com/psirt/FG-IR-24-007
https://nvd.nist.gov/vuln/detail/CVE-2023-48788

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 8 months ago