
Update now: Exploits for Fortinet vulnerability in the wild


TLDR:

  • A critical vulnerability in Fortinet’s FortiClient Enterprise Management Server (EMS) software, tracked as CVE-2023-48788, is actively exploited in attacks.
  • An SQL injection flaw in the DB2 Administration Server component allows unauthenticated threat actors to gain remote code execution (RCE) with SYSTEM privileges.

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiClient Enterprise Management Server (EMS) software, tracked as CVE-2023-48788. This security flaw is an SQL injection in the DB2 Administration Server (DAS) component, discovered and reported by the UK’s National Cyber Security Centre (NCSC).

It impacts FortiClient EMS versions 7.0 (7.0.1 through 7.0.10) and 7.2 (7.2.0 through 7.2.2), enabling unauthenticated threat actors to gain remote code execution (RCE) with SYSTEM privileges on unpatched servers in low-complexity attacks that don’t require user interaction.

Fortinet has released security updates to address the flaw, and security researchers with Horizon3’s Attack Team have published a technical analysis and shared a PoC exploit that can be used to confirm whether a system is vulnerable. Shodan and Shadowserver track hundreds of exposed FortiClient EMS servers online, with most in the United States.

This latest RCE bug follows a critical RCE bug (CVE-2024-21762) in the FortiOS operating system and FortiProxy secure web proxy that was patched in February. Fortinet vulnerabilities are frequently exploited in ransomware attacks and cyber espionage campaigns.
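
To triage an inventory against the affected ranges listed above, the following added example (not from the article, Fortinet or Horizon3) compares FortiClient EMS version strings numerically. The hostnames and version strings are constructed sample data, and a version outside the listed ranges is reported only as "not-listed", not as fixed.

```python
import re

# Affected FortiClient EMS ranges for CVE-2023-48788, as listed in the article above.
AFFECTED_RANGES = [
    ((7, 0, 1), (7, 0, 10)),
    ((7, 2, 0), (7, 2, 2)),
]

# Accepts "7.0.7", "v7.0.10", "7.2.2 build 0879"; trailing build info is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[.\-\s].*)?$")


def parse_version(text):
    """Return (major, minor, patch) as integers, or None if unparseable."""
    m = _VERSION_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """Return 'affected', 'not-listed' or 'unparsed' for one version string."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"
    # Integer tuples compare numerically, so 7.0.7 falls inside 7.0.1..7.0.10;
    # a plain string comparison would sort "7.0.7" after "7.0.10" and miss it.
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return "affected"
    return "not-listed"


def triage(inventory):
    """Map each host to its classification; 'unparsed' needs a manual check."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = {
    "ems-01.example.internal": "7.0.7",
    "ems-02.example.internal": "7.2.2 build 0879",
    "ems-03.example.internal": "v7.0.10",
    "ems-04.example.internal": "7.0.0",
    "ems-05.example.internal": "7.2.10",
    "ems-06.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:28} {SAMPLE_INVENTORY[host]:18} {status}")
```

Hosts reported as "unparsed" should be checked by hand rather than assumed unaffected.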
