Fortinet’s FortiClient EMS product exploited via CVE-2023-48788, a critical SQL injection vulnerability
: OFFICIAL CVE-2023-48788 PATCHING INFORMATION :
The CISA (Cybersecurity and Infrastructure Security Agency) has alerted organizations to actively exploit ‘The Fortinet FortiClient EMS vulnerability’ (CVE-2023-48788), a critical SQL injection flaw enabling unauthenticated attackers to execute arbitrary code via crafted requests. An improper neutralization of special elements used in an SQL command (‘sql injection’) in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
Fortinet released patches for this issue on February 22, applicable to FortiClient EMS versions 7.0.11, 7.2.3, and later, with the UK’s NCSC, a Fortinet staffer discovering the subsequent vulnerability. Consequently, CISA added CVE-2023-48788 to its KEV catalog, advising prompt patching or mitigation. Fortinet acknowledges the vulnerability is being exploited in the wild, although specific attack details remain undisclosed.
“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.” [Fortinet]
Historically, Fortinet vulnerabilities have attracted state-sponsored actors and zero day attacks. The Shadowserver Foundation has noted 130 potentially vulnerable systems exposed online as of March 23, including 30 in the US. Additionally, CISA recently cataloged an old Ivanti Endpoint Manager vulnerability (CVE-2021-44529) that also allows unauthenticated code execution.
Protecting Against Zero-Day Attacks
In recent weeks, we have seen vulnerabilities CVE-2024-21412, CVE-2024-22245, and CVE-2024-21413, to name but a few. Unfortunately, CVE-2023-48788 is just another reminder of the importance of preventing zero-day attacks with microsegmentation tools and by detecting lateral movement to improve security posture.
The TrueFort Platform offers robust protection against zero-day attacks through its comprehensive behavior analysis and real-time monitoring capabilities. By establishing a baseline of normal application behavior, TrueFort is able to detect and alert on anomalies and potential threats in real-time, even if the attack method has never been seen before. Its granular policy enforcement allows for the precise control of application behavior and communications, effectively mitigating the risk of exploitation by unknown vulnerabilities (such as CVE-2023-48788). Moreover, the platform’s capability for quick policy updates and the integration of threat intelligence ensures that defenses evolve as rapidly as new threats emerge, providing an adaptive security posture that is crucial for defending against zero-day exploits.
For information about how the TrueFort Platform protects against unforeseen, please contact us for a no-obligation demo and more details on protecting infrastructure against zero-day threats, implementing microsegmentation tools, leveraging genuine real-time analytics, and painless zero-trust adoption. We’re here to help.
: OFFICIAL CVE-2023-48788 PATCHING INFORMATION :
