skip to Main Content
TrueFort deep violet horizontal logo with turquoise emblem
CVE-2023-48788 Vulnerability Reported in FortiClientEMS

CVE-2023-48788 Vulnerability Reported in FortiClientEMS

Fortinet’s FortiClient EMS product exploited via CVE-2023-48788, a critical SQL injection vulnerability


The CISA (Cybersecurity and Infrastructure Security Agency) has alerted organizations to actively exploit ‘The Fortinet FortiClient EMS vulnerability’ (CVE-2023-48788), a critical SQL injection flaw enabling unauthenticated attackers to execute arbitrary code via crafted requests. An improper neutralization of special elements used in an SQL command (‘sql injection’) in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Fortinet released patches for this issue on February 22, applicable to FortiClient EMS versions 7.0.11, 7.2.3, and later, with the UK’s NCSC, a Fortinet staffer discovering the subsequent vulnerability. Consequently, CISA added CVE-2023-48788 to its KEV catalog, advising prompt patching or mitigation. Fortinet acknowledges the vulnerability is being exploited in the wild, although specific attack details remain undisclosed.

“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.” [Fortinet]

Historically, Fortinet vulnerabilities have attracted state-sponsored actors and zero day attacks. The Shadowserver Foundation has noted 130 potentially vulnerable systems exposed online as of March 23, including 30 in the US. Additionally, CISA recently cataloged an old Ivanti Endpoint Manager vulnerability (CVE-2021-44529) that also allows unauthenticated code execution.

Protecting Against Zero-Day Attacks

In recent weeks, we have seen vulnerabilities CVE-2024-21412, CVE-2024-22245, and CVE-2024-21413, to name but a few. Unfortunately, CVE-2023-48788 is just another reminder of the importance of preventing zero-day attacks with microsegmentation tools and by detecting lateral movement to improve security posture.

The TrueFort Platform offers robust protection against zero-day attacks through its comprehensive behavior analysis and real-time monitoring capabilities. By establishing a baseline of normal application behavior, TrueFort is able to detect and alert on anomalies and potential threats in real-time, even if the attack method has never been seen before. Its granular policy enforcement allows for the precise control of application behavior and communications, effectively mitigating the risk of exploitation by unknown vulnerabilities (such as CVE-2023-48788). Moreover, the platform’s capability for quick policy updates and the integration of threat intelligence ensures that defenses evolve as rapidly as new threats emerge, providing an adaptive security posture that is crucial for defending against zero-day exploits.

For information about how the TrueFort Platform protects against unforeseen, please contact us for a no-obligation demo and more details on protecting infrastructure against zero-day threats, implementing microsegmentation tools, leveraging genuine real-time analytics, and painless zero-trust adoption. We’re here to help. 



Share This


Related posts

DORA compliance

Preparing for DORA Compliance

In the quest for DORA compliance, we offer a solution for financial services before the January 2025 deadline DORA compliance is born of the financial…

Back To Top
TrueFort Emblem Logo

Truefort customer support

TrueFort customers receive 24×7 support by phone and email, and all software maintenance, releases, and updates

For questions about our support policy, please contact your TrueFort account manager or our presales team at

Support Hotline

Email Support