CVE-2023-48788 - Fortinet FortiClient EMS SQL Injection Vulnerability
Project:Fortinet
Product:FortiClient EMS
Date Added:2024-03-25Due Date:2024-04-15
Vulnerability Name
Fortinet FortiClient EMS SQL Injection Vulnerability
Description
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.fortiguard.com/psirt/FG-IR-24-007
https://nvd.nist.gov/vuln/detail/CVE-2023-48788
Related News Articles
BadPilot network hacking campaign fuels Russian SandWorm attacksFebruary 13, 2025
Microsoft: Russia's Sandworm APT Exploits Edge Bugs GloballyFebruary 13, 2025
Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ CountriesFebruary 13, 2025
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ CountriesNovember 26, 2024
Salt Typhoon hackers backdoor telcos with new GhostSpider malwareNovember 26, 2024