【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2023-48788) in Fortinet FortiClientEMS

【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2023-48788) in Fortinet FortiClientEMS - Please Verify and Patch Immediately!

publish date : 2024-04-02 update date : 2024-04-15

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2024040111043030	Publication Time	2024/03/29 11:05
Incident Type	ANA-Vulnerability Alert	Discovery Time	2024/04/01 11:05
Impact Level	Medium
[Subject] 【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2023-48788) in Fortinet FortiClientEMS - Please Verify and Patch Immediately!
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202403-00000120 Researchers have discovered a database injection (SQL Injection) vulnerability (CVE-2023-48788) in Fortinet FortiClientEMS. Remote attackers without proper authentication can exploit this vulnerability to add, delete, or modify database content. This vulnerability is currently being exploited by hackers. Please verify and patch it as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] ● FortiClientEMS versions 7.2.0 to 7.2.2 ● FortiClientEMS versions 7.0.1 to 7.0.10
[Recommended Actions] The official patch for the vulnerability has been released. Please update to the following versions: ● FortiClientEMS 7.2.3 (including this version and above) ● FortiClientEMS 7.0.11 (including this version and above)
[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share