CVE-2024-48788

Name of the Vulnerable Software and Affected Versions FortiClient EMS versions prior to the fixed version YESCAM (com.yescom.YesCam.zwave) version 1.0.2

Description The issue allows a remote attacker to obtain sensitive information via the firmware update process or execute arbitrary code with admin privileges. This flaw is a prime target for nation-state actors and has a high desirability for threat actors. It is under active attack.

Recommendations For FortiClient EMS, update to the latest version that contains the fix for this issue. For YESCAM (com.yescom.YesCam.zwave) version 1.0.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.