Synopsis: A proof-of-concept has been released for CVE-2023-48788. This vulnerability allows unauthenticated threat actors to achieve remote code execution (RCE) with system privileges in a low-complexity attack that does not require user interaction.

This is made possible by an SQL injection in the DB2 Administration Server portion of Fortinet’s FortiClient Enterprise Management Server (EMS) software. An update has been published to remediate this vulnerability, and Fortinet recommends updating to the fixed version as soon as possible.

Action: Upgrade to the corrected version of FortiClient EMS.


