FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution | allinfosecnews.com

April 23, 2024, 4:02 p.m. |

Packet Storm packetstormsecurity.com

A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled endpoints. The SQL injection vulnerability is due to user controller strings which can be sent directly into database queries. FcmDaemon.exe is the main service responsible for communicating with enrolled clients. By default it listens on port 8013 and communicates with FCTDas.exe …

code code execution endpoint endpoint management endpoints enterprises forticlient forticlient ems fortinet injection management platform remote code remote code execution server solution sql sql injection sql injection vulnerability vulnerability

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6757-2 5 hours ago | packetstormsecurity.com

arbitrary code attacker code crash +16

Ubuntu Security Notice USN-6762-1 5 hours ago | packetstormsecurity.com

arbitrary code attacker attackers code +15

SOPlanning 1.52.00 SQL Injection 5 hours ago | packetstormsecurity.com

injection php projects sql +5

SOPlanning 1.52.00 Cross Site Request Forgery 5 hours ago | packetstormsecurity.com

forgery php request version +2

SOPlanning 1.52.00 Cross Site Scripting 5 hours ago | packetstormsecurity.com

cross site scripting php scripting version +2

Red Hat Security Advisory 2024-2679-03 5 hours ago | packetstormsecurity.com

advisory enterprise free linux +7

Red Hat Security Advisory 2024-2674-03 5 hours ago | packetstormsecurity.com

advisory enterprise kernel linux +5

Red Hat Security Advisory 2024-2071-03 5 hours ago | packetstormsecurity.com

advisory bugs container fix +10

Red Hat Security Advisory 2024-2068-03 5 hours ago | packetstormsecurity.com

advisory bugs container denial of service +13

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604

View on infosec-jobs.com

Software Engineer - Cloud Security

@ Neo4j | Malmö

View on infosec-jobs.com

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963

View on infosec-jobs.com

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000

View on infosec-jobs.com

Educator, Cybersecurity

@ Brain Station | Toronto

View on infosec-jobs.com

Principal Security Engineer

@ Hippocratic AI | Palo Alto

View on infosec-jobs.com