Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet has issued a critical security advisory concerning a severe vulnerability affecting its FortiClientEMS software, potentially enabling attackers to execute code on impacted systems.

The vulnerability, identified as CVE-2023-48788, is attributed to an SQL injection flaw (CWE-89) in FortiClientEMS versions 7.0.1 through 7.0.10 and 7.2.0 through 7.2.2. Fortinet recommends upgrading to version 7.0.11 or above for 7.0.x users and version 7.2.3 or higher for 7.2.x users to mitigate the risk.

Horizon3.ai, set to disclose further technical details and a proof-of-concept (PoC) exploit next week, suggests that exploitation of this vulnerability could lead to remote code execution with SYSTEM privileges on the server.

Fortinet acknowledges Thiago Santana from the FortiClientEMS development team and the U.K. National Cyber Security Centre (NCSC) for discovering and reporting the vulnerability.

In addition to the FortiClientEMS flaw, Fortinet has also addressed two critical vulnerabilities in FortiOS and FortiProxy (CVE-2023-42789 and CVE-2023-42790, both with CVSS scores of 9.3). These vulnerabilities could allow attackers with access to the captive portal to execute arbitrary code or commands via specially crafted HTTP requests.

Affected FortiOS versions include 6.2.0 through 6.2.15, 6.4.0 through 6.4.14, 7.0.0 through 7.0.12, and 7.2.0 through 7.2.5. FortiProxy versions 7.0.0 through 7.0.12, 7.2.0 through 7.2.6, and 7.4.0 are also affected.
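The version ranges quoted above are inclusive on both ends, and the usual mistake when checking an inventory against them is comparing version strings lexically ("7.0.10" sorts before "7.0.9" as text). The following is an added example, not Fortinet's or the article's code: it transcribes the affected ranges for FortiClientEMS, FortiOS and FortiProxy from this summary, records a fix version only where the text states one (FortiClientEMS 7.0.11 and 7.2.3), and triages a constructed inventory. It assumes plain dotted numeric version strings; the inventory hostnames are made up.

```python
"""Triage Fortinet product versions against the ranges quoted in the advisory summary.

Added example. Ranges and CVE ids are transcribed from the text above; fix
versions are recorded only where the text states them. Assumes version
strings are plain dotted numerics such as '7.0.10'.
"""
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'7.0.10' -> (7, 0, 10). Tuples compare numerically per component,
    so (7, 0, 9) < (7, 0, 10), which string comparison gets wrong."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


# Inclusive affected ranges and stated fix versions, per the summary above.
ADVISORIES: Dict[str, dict] = {
    "FortiClientEMS": {
        "cves": ["CVE-2023-48788"],
        "affected": [("7.0.1", "7.0.10"), ("7.2.0", "7.2.2")],
        "fixed": {"7.0": "7.0.11", "7.2": "7.2.3"},
    },
    "FortiOS": {
        "cves": ["CVE-2023-42789", "CVE-2023-42790"],
        "affected": [("6.2.0", "6.2.15"), ("6.4.0", "6.4.14"),
                     ("7.0.0", "7.0.12"), ("7.2.0", "7.2.5")],
        "fixed": {},  # fix versions are not given in the summary above
    },
    "FortiProxy": {
        "cves": ["CVE-2023-42789", "CVE-2023-42790"],
        "affected": [("7.0.0", "7.0.12"), ("7.2.0", "7.2.6"), ("7.4.0", "7.4.0")],
        "fixed": {},  # fix versions are not given in the summary above
    },
}


def is_affected(product: str, version: str) -> bool:
    """True if `version` falls inside any inclusive affected range for `product`."""
    v = parse_version(version)
    for low, high in ADVISORIES[product]["affected"]:
        if parse_version(low) <= v <= parse_version(high):
            return True
    return False


def fixed_version(product: str, version: str) -> Optional[str]:
    """Fix version for the installed branch (e.g. '7.0') if the text states one, else None."""
    branch = ".".join(version.strip().split(".")[:2])
    return ADVISORIES[product]["fixed"].get(branch)


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[dict]:
    """inventory rows are (host, product, version); returns one finding per affected host."""
    findings = []
    for host, product, version in inventory:
        if product not in ADVISORIES:
            continue  # product not covered by this advisory summary
        if is_affected(product, version):
            findings.append({
                "host": host,
                "product": product,
                "version": version,
                "cves": ADVISORIES[product]["cves"],
                "upgrade_to": fixed_version(product, version),  # None when not stated
            })
    return findings


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("ems-01", "FortiClientEMS", "7.0.10"),  # last affected 7.0.x release
    ("ems-02", "FortiClientEMS", "7.0.11"),  # stated fix version, not affected
    ("ems-03", "FortiClientEMS", "7.2.2"),
    ("fw-01", "FortiOS", "7.2.5"),
    ("fw-02", "FortiOS", "7.4.1"),           # no 7.4.x range listed for FortiOS
    ("px-01", "FortiProxy", "7.4.0"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        target = finding["upgrade_to"] or "see vendor advisory"
        print(f"{finding['host']}: {finding['product']} {finding['version']} "
              f"affected by {', '.join(finding['cves'])}; upgrade to {target}")
```

Feed `triage()` the output of whatever asset inventory you already keep; a `None` in `upgrade_to` means the summary above gives no fix version for that product branch and the vendor advisory should be consulted directly.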

Fortinet advises users to upgrade promptly to the specified versions or later to address these vulnerabilities. While there is no evidence of active exploitation, given the history of threat actors targeting unpatched Fortinet appliances, swift application of the updates is strongly recommended.

FOR REFERENCE

https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html
