March 14, 2024, 6:19 p.m. | Chris Boyd

Cyber Exposure Alerts www.tenable.com

Fortinet warns of a critical SQL Injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code on vulnerable FortiClientEMS software.

Background

On March 12, Fortinet published an advisory (FG-IR-24-007) to address a critical flaw in its FortiClient Enterprise Management Server (FortiClientEMS), a solution which enables centralized management of multiple endpoints.

| CVE | Description | CVSSv3 | Severity |
| --- | --- | --- | --- |
| CVE-2023-48788 | Critical SQL Injection Vulnerability (or Improper neutralization of special elements in an SQL command) | 9.3 | Critical |

At the time this blog was published, …
