CVE-2023-48788

Published Mar 12, 2024

Last updated 6 months ago

Exploit knownCVSS critical 9.8

Overview

Description
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
Source
psirt@fortinet.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Fortinet FortiClient EMS SQL Injection Vulnerability
Exploit added on
Mar 25, 2024
Exploit action due
Apr 15, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@fortinet.com
CWE-89

Social media

Hype score
Not currently trending

  1. #Malware #AnyDesk Medusa Exploits Fortinet Flaw (CVE-2023-48788) for Stealthy Ransomware Attacks https://t.co/biwaUOEGxP

    @Komodosec

    21 Oct 2024

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References