PT-2024-2114 · Fortinet · Forticlientems

Published: 2024-03-12 · Updated: 2024-03-26 · CVE-2023-47534

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiClientEMS versions 6.0.0 through 6.0.8
Fortinet FortiClientEMS versions 6.2.0 through 6.2.9
Fortinet FortiClientEMS versions 6.4.0 through 6.4.9
Fortinet FortiClientEMS versions 7.0.0 through 7.0.10
Fortinet FortiClientEMS versions 7.2.0 through 7.2.2

Description

The issue is related to an improper neutralization of formula elements in a CSV file, which allows an attacker to execute unauthorized code or commands via specially crafted packets. This can be exploited by a remote attacker.

Recommendations

For Fortinet FortiClientEMS versions 6.0.0 through 6.0.8, update to a version that contains a fix for this issue.
For Fortinet FortiClientEMS versions 6.2.0 through 6.2.9, update to a version that contains a fix for this issue.
For Fortinet FortiClientEMS versions 6.4.0 through 6.4.9, update to a version that contains a fix for this issue.
For Fortinet FortiClientEMS versions 7.0.0 through 7.0.10, update to a version that contains a fix for this issue.
For Fortinet FortiClientEMS versions 7.2.0 through 7.2.2, update to a version that contains a fix for this issue.

As a temporary workaround, consider restricting access to CSV files to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-02010
CVE-2023-47534

Affected Products

Forticlientems