Fortinet warns of a serious SQLi vulnerability in FortiClientEMS software

March 14, 2024


Fortinet has warned of a critical security flaw affecting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.

“An improper neutralization of special elements used in a SQL command vulnerability (“SQL Injection”) [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specially crafted requests,” the company said in an advisory.

The vulnerability, tracked as CVE-2023-48788, has a CVSS score of 9.3 out of a possible 10. It affects the following versions:

  • FortiClientEMS 7.2.0 to 7.2.2 (upgrade to 7.2.3 or later)
  • FortiClientEMS 7.0.1 to 7.0.10 (upgrade to 7.0.11 or later)

Horizon3.ai, which plans to release further technical details and a proof-of-concept (PoC) exploit next week, said that the flaw could be exploited to achieve remote code execution as SYSTEM on the server.


Fortinet credited Thiago Santana of the FortiClientEMS development team and the UK’s National Cyber Security Centre (NCSC) with discovering and reporting the flaw.

The company also fixed two other critical bugs in FortiOS and FortiProxy (CVE-2023-42789 and CVE-2023-42790, CVSS scores: 9.3) that could allow an attacker with access to the captive portal to execute arbitrary code or commands via specially prepared HTTP requests.

The following product versions are affected by the defects:

  • FortiOS version 7.4.0 to 7.4.1 (upgrade to FortiOS version 7.4.2 or later)
  • FortiOS version 7.2.0 to 7.2.5 (upgrade to FortiOS version 7.2.6 or later)
  • FortiOS version 7.0.0 to 7.0.12 (upgrade to FortiOS version 7.0.13 or later)
  • FortiOS version 6.4.0 to 6.4.14 (upgrade to FortiOS version 6.4.15 or later)
  • FortiOS version 6.2.0 to 6.2.15 (upgrade to FortiOS version 6.2.16 or later)
  • FortiProxy version 7.4.0 (upgrade to FortiProxy version 7.4.1 or later)
  • FortiProxy version 7.2.0 to 7.2.6 (upgrade to FortiProxy version 7.2.7 or later)
  • FortiProxy version 7.0.0 to 7.0.12 (upgrade to FortiProxy version 7.0.13 or later)
  • FortiProxy version 2.0.0 to 2.0.13 (upgrade to FortiProxy version 2.0.14 or later)

While there is no evidence that the aforementioned flaws have been actively exploited, unpatched Fortinet equipment has been repeatedly abused by threat actors, making it imperative that users move quickly to apply updates.
