⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities (KEV) list and has been used in known ransomware attacks. CISA required action: apply mitigations per vendor instructions, or discontinue use of the product if mitigations are unavailable. Due date: 2024-04-15.
CVE-2023-48788 — SQL Injection in Fortinet FortiClient Enterprise Management Server
Severity: 9.8 CRITICAL (NVD)
EPSS: 94.1% (top 0.09%)
CISA KEV: listed; known ransomware use; added 2024-03-25; due 2024-04-15
Exploit status: exploited in the wild; active exploitation observed
Affected products
Timeline
Published: Mar 12
KEV added: Mar 25
KEV due: Apr 15
Latest update: Dec 19
Description
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected packages: 2 packages
Vulnerability details (3 sources)
CVEList: CVE-2023-48788: An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7… (2024-03-12)
GHSA: GHSA-fv47-jg3j-5qf6: An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7… (2024-03-12)
Exploits & PoCs
Nuclei (1 template): Fortinet FortiClient Endpoint Management Server - SQL Injection