Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

2 months ago AndyC

Mar 14, 2024The Hacker NewsVulnerability / Network Security

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Mar 14, 2024The Hacker NewsVulnerability / Network Security

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.

“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests,” the company said in an advisory.

The vulnerability, tracked as CVE-2023-48788, carries a CVSS rating of 9.3 out of a maximum of 10. It impacts the following versions –

  • FortiClientEMS 7.2.0 through 7.2.2 (Upgrade to 7.2.3 or above)
  • FortiClientEMS 7.0.1 through 7.0.10 (Upgrade to 7.0.11 or above)

Horizon3.ai, which plans to release additional technical details and a proof-of-concept (PoC) exploit next week, said the shortcoming could be exploited to obtain remote code execution as SYSTEM on the server.

Cybersecurity

Fortinet has credited Thiago Santana From the ForticlientEMS development team and the U.K. National Cyber Security Centre (NCSC) for discovering and reporting the flaw.

Also fixed by the company two other critical bugs in FortiOS and FortiProxy (CVE-2023-42789 and CVE-2023-42790, CVSS scores: 9.3) that could permit an attacker with access to the captive portal to execute arbitrary code or commands via specially crafted HTTP requests.

The below product versions are impacted by the flaws –

  • FortiOS version 7.4.0 through 7.4.1 (Upgrade to FortiOS version 7.4.2 or above)
  • FortiOS version 7.2.0 through 7.2.5 (Upgrade to FortiOS version 7.2.6 or above)
  • FortiOS version 7.0.0 through 7.0.12 (Upgrade to FortiOS version 7.0.13 or above)
  • FortiOS version 6.4.0 through 6.4.14 (Upgrade to FortiOS version 6.4.15 or above)
  • FortiOS version 6.2.0 through 6.2.15 (Upgrade to FortiOS version 6.2.16 or above)
  • FortiProxy version 7.4.0 (Upgrade to FortiProxy version 7.4.1 or above)
  • FortiProxy version 7.2.0 through 7.2.6 (Upgrade to FortiProxy version 7.2.7 or above)
  • FortiProxy version 7.0.0 through 7.0.12 (Upgrade to FortiProxy version 7.0.13 or above)
  • FortiProxy version 2.0.0 through 2.0.13 (Upgrade to FortiProxy version 2.0.14 or above)

While there is no evidence that the aforementioned flaws have come under active exploitation, unpatched Fortinet appliances have been repeatedly abused by threat actors, making it imperative that users move quickly to apply the updates.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

6 mins ago AndyC
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

1 day ago AndyC
Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware

2 days ago AndyC
Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

2 days ago AndyC
10 Critical Endpoint Security Tips You Should Know

10 Critical Endpoint Security Tips You Should Know

2 days ago AndyC
New 'Brokewell' Android Malware Spread Through Fake Browser Updates

New ‘Brokewell’ Android Malware Spread Through Fake Browser Updates

2 days ago AndyC

You may have missed

Okta warns of unprecedented scale in credential stuffing attacks on online services

Okta warns of unprecedented scale in credential stuffing attacks on online services

1 min ago AndyC
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

6 mins ago AndyC
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

6 hours ago AndyC
Targeted operation against Ukraine exploited 7-year-old MS Office bug

Targeted operation against Ukraine exploited 7-year-old MS Office bug

6 hours ago AndyC
Weekly Update 397

Weekly Update 397

6 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.