Fortinet has recently rolled out a patch to address various vulnerabilities across its software lineup. Among these vulnerabilities is one that enables SQL injection on FortiClient-EMS, which has prompted the publication of a proof-of-concept exploit that is currently being actively exploited.
In an advisory, Fortinet highlights a bug (tracked internally as FG-IR-24-007 or CVE-2023-48788) with a Critical CVSS score of 9.3, as it allows attackers to execute code remotely and without authentication on FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. The vulnerabilities have been patched in versions 7.2.3 and 7.0.11, effectively mitigating the SQL injection threat on affected devices.
Fortinet cautions that the bug is actively being exploited in the wild, prompting the Dutch Digital Trust Center to issue a warning about the vulnerability. Additionally, a proof-of-concept for this exploit has been made public, facilitating potential attacks against at-risk systems.
Aside from this zero-day vulnerability, Fortinet has also disclosed other security flaws, including FG-IR-23-390 or CVE-2023-47534, affecting the same versions of FortiClientEMS with a High CVSS score of 8.7. Users are strongly advised to upgrade to newer versions to mitigate risks associated with this vulnerability, which is related to improper handling of elements in CSV files (CWE-1236).
Furthermore, vulnerabilities have also been identified in FortiManager and FortiAnalyzer, such as FG-IR-23-304 or CVE-2023-41842, enabling unauthorized code execution that requires authentication. Lastly, the latest bug, FG-IR-23-103 or CVE-2023-36554, affects FortiManager with a CVSS score of 7.7 but only poses a threat if FortiWLM MEA is enabled - a feature that administrators can proactively disable to safeguard their systems.
English (US)