Fortinet Identifies Severe SQL Injection Vulnerability In FortiClientEMS Software

Fortinet recently issued a warning highlighting a critical vulnerability in its FortiClientEMS software. This vulnerability poses a significant risk, potentially enabling malicious actors to execute code on affected systems, which could lead to data breaches, system downtime, and other severe consequences.

The company stated, “An improper neutralization of special elements used in a SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests”.

The vulnerability, assigned CVE-2023-48788, carries a substantial CVSS score of 9.3 out of 10, indicating its severe impact. It affects the following versions of FortiClientEMS:

• Versions 7.2.0 to 7.2.2 (Recommendation: Upgrade to 7.2.3 or higher)
• Versions starting from 7.0.1 up to 7.0.10 (or higher)

Horizon3.ai has stated that this flaw could potentially lead to remote code execution as SYSTEM on the server. They intend to release additional technical details along with a proof-of-concept (PoC) exploit next week.

Thiago Santana, a member of the FortiClientEMS development team, along with the U.K. National Cyber Security Centre (NCSC), discovered the vulnerability and promptly reported it to Fortinet.

Furthermore, Fortinet addressed two additional significant bugs in FortiOS and FortiProxy (CVE-2023-42789 and CVE-2023-42790, both with CVSS scores of 9.3). These vulnerabilities could potentially allow attackers to execute arbitrary code or commands via specially crafted HTTP requests within the captive portal.

The following versions of the product have been identified with issues:

• FortiOS Versions 7.4.0 through 7.4.1 (Upgrade to 7.4.2 or higher)
• FortiOS Versions 7.2.0 to 7.2.5 (Upgrade to 7.2.6 or higher)
• FortiOS Versions 7.0.0 through 7.0.12 (Upgrade to 7.0.13 or higher)
• FortiOS Versions 6.4.0 through 6.4.14 (Upgrade to 6.4.15 or higher)
• FortiOS Versions 6.2.0 through 6.2.15 (Upgrade to 6.2.16 or higher)
• FortiProxy Version 7.4.0 (Upgrade to 7.4.1 or higher)
• FortiProxy Versions 7.2.0 to 7.2.6 (Upgrade to 7.2.7 or higher)
• Instead of FortiProxy Versions 7.0.0 to 7.0.12, consider using version 7.0.13 or higher.
• FortiProxy Versions 2.0.0 to 2.0.13 (Upgrade to 2.0.14 or higher)

While there’s currently no evidence of active exploitation of the vulnerabilities mentioned above, it’s crucial to acknowledge that threat actors have historically targeted unpatched Fortinet appliances for malicious purposes. Therefore, it is imperative for users to prioritize obtaining the necessary updates without delay. Acting swiftly to install these updates can significantly mitigate the risk of potential security breaches and safeguard against exploitation by malicious actors.

SOURCE