CVE-2023-48788

Fortinet | FortiClient EMSAdded 2024-03-25Remediation Deadline 2024-04-15Active Ransomware Campaign

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-89

References

https://www.fortiguard.com/psirt/FG-IR-24-007
https://nvd.nist.gov/vuln/detail/CVE-2023-48788

Cybersecurity Alerts

CVE-2023-48788

Fortinet FortiClient EMS SQL Injection Vulnerability

Required Action

Weakness Classification

References