PT-2024-2112 · Fortinet · FortiClientEMS

Published: 2024-03-12 · Updated: 2026-02-18 · CVE-2023-48788

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiClientEMS versions 7.0.1 through 7.0.10
Fortinet FortiClientEMS versions 7.2.0 through 7.2.2

Description
The issue is an improper neutralization of special elements used in an SQL command, also known as an SQL injection vulnerability. It allows an attacker to execute unauthorized code or commands via specially crafted packets. The vulnerability is being actively exploited in the wild: attackers use it to install remote desktop tools such as AnyDesk and ScreenConnect and to deploy ransomware. The total number of potentially affected devices worldwide is not specified, but over 440 vulnerable FortiClient EMS servers have been found exposed on the internet, most of them located in the US.

Recommendations
Fortinet FortiClientEMS versions 7.0.1 through 7.0.10: update to a patched version to prevent exploitation of the SQL injection vulnerability.
Fortinet FortiClientEMS versions 7.2.0 through 7.2.2: update to a patched version to prevent exploitation of the SQL injection vulnerability.
As a temporary workaround, consider disabling any unnecessary SQL commands or restricting access to the FortiClient EMS software until a patch is available.

Tags: Exploit · Fix · RCE · SQL injection


Weakness Enumeration

Related Identifiers

BDU:2024-02008
CVE-2023-48788

Affected Products

FortiClientEMS