The Information Highway

The Information Highway

Font size: +
2 minutes reading time (375 words)

Fortinet FortiClientEMS critical vulnerability

Threat update

 Fortinet has released security updates for an unauthorized code execution vulnerability impacting their FortiClientEMS (Endpoint Management Server) product. The vulnerability, CVE-2023-48788, is related to a flaw that allows unauthenticated malicious actors to execute code or commands onto the server via purposely crafted requests. This Cybersecurity Threat Advisory highlights various recommendations to mitigate the potential impact on your devices.

Technical Detail and Additional Info

What is the threat?

CVE-2023-48788 resides in the Fortinet FortiClientEMS software. This provides visibility for devices across the network to securely assign security profiles to endpoints, along with automation capabilities. The vulnerability is an SQL injection in the DB2 Administration Server (DAS), which allows unauthenticated attackers to perform remote code execution with SYSTEM privileges that don't require user interaction. The following versions are affected by this vulnerability:

  • FortiClientEMS 7.2.0 through 7.2.2
  • FortiClientEMS 7.0.1 through 7.0.10

Why is it noteworthy?

FortiCilentEMS is an endpoint security software used in enterprise networks. The vulnerability has been observed to be exploited without the need for authentication and used at the SYSTEM level without the need for user interaction. These behaviors combined earned CVE-2023-48788 a CVSS rating of 9.3 out of a maximum of 10, a considerably critical rating. 

What is the exposure or risk?

This FortiClientEMS vulnerability can lead to significant exposure and risk for its consumers. If exploited successfully, it could allow the attacker to gain access without the need for authentication or user interaction. As seen recently, this potentially opens a gateway for attackers to perform malicious code execution onto endpoints. 

What are the recommendations?

LBT Technology Group, LLC. recommends the following actions to keep your environment secure:

  • Upgrade affected FortiClientEMS instances to the latest versions:
    • FortiClientEMS 7.2.0 through 7.2.2, upgrade to 7.2.3 or above
    • FortiClientEMS 7.0.1 through 7.0.10, upgrade to 7.0.11 or above
  • Utilize network segmentation to mitigate the impact of potential compromises and prevent lateral movement by malicious actors.
  • Enforce strong access controls as a layered security approach, such as robust passwords and multi-factor authentication.
  • Utilize LBT's MXDR for comprehensive security monitoring and for detecting unusual activity across endpoint devices.

References

 For more in-depth information about the recommendations, please visit the following links:



If you have any questions, please contact LBT's Sales Engineer.

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2...
OpenEdge authentication bypass vulnerability

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023