Fortinet Patches Critical Bug in FortiClient EMS

March 14, 2024

Fortinet has patched a critical SQL injection vulnerability in its endpoint management software that could enable remote code execution (RCE) on targeted servers.

CVE-2023-48788 affects FortiClientEMS 7.2 – versions 7.2.0 to 7.2.2 – and FortiClientEMS 7.0 – versions 7.0.1 to 7.0.10. Discovered by Fortinet and the UK’s National Cyber Security Centre (NCSC), it affects the DB2 Administration Server (DAS) component of the product.

“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests,” the advisory noted.

There is no information yet on whether it has been exploited in the wild, but exploitation is a realistic possibility given that security vendor Horizon3 has promised to release indicators of compromise (IoCs), a proof-of-concept exploit and a “deep dive” blog next week.

“In the meantime, check DAS service logs for malicious looking queries,” Horizon3 warned in a brief post on X (formerly Twitter).

