CVE-2023-48788

Vulnerability updated 8 months ago (2024-11-29T14:28:47.146Z)

Download STIX

Preview STIX

CVE-2023-48788 is a critical SQL injection vulnerability discovered in Fortinet's FortiClient Enterprise Management Server (EMS) software. The flaw, resulting from an improper neutralization of special elements used in SQL, could potentially allow an attacker to execute arbitrary commands on the system. Fortinet has since addressed this issue and implemented a fix to ensure the security of their EMS solution. The discovery and resolution of CVE-2023-48788 have drawn significant attention from various parties. Horizon3's Attack Team announced plans to publish technical details and a proof-of-concept (PoC) exploit for the vulnerability within a week of the fix. Concurrently, there were attempts to sell a PoC for the same vulnerability for less than $300 via GitHub, raising concerns about potential misuse of the information. As of March 14, 2024, the vulnerability has been fixed by Fortinet. However, the situation underscores the importance of vigilance and prompt action in addressing software vulnerabilities. With technical details and PoCs potentially circulating, users of Fortinet's FortiClient EMS software are strongly advised to ensure they have applied the latest updates to mitigate any risk associated with CVE-2023-48788.

Description last updated: 2024-11-15T16:19:33.942Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Exploit

Fortinet

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2024-1709 Vulnerability is associated with CVE-2023-48788. CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response	Unspecified	2

Source Document References

Information about the CVE-2023-48788 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	5 months ago	CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure
CISA	5 months ago	#StopRansomware: Medusa Ransomware \| CISA
Securelist	5 months ago	Kaspersky Incident Response analyst report for 2024
DARKReading	5 months ago	Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally
Securelist	7 months ago	Attackers exploiting a FortiClient EMS vulnerability in the wild
CERT-EU	a year ago	Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware
CISA	a year ago	#StopRansomware: RansomHub Ransomware \| CISA
CERT-EU	a year ago	Alerts Critical Vulnerabilities in Fortinet Products 14 March 2024 Fortinet has released security updates to address critical vulnerabilities (CVE-2023-48788, CVE-2023-42789 and CVE-2023-42790) affecting their FortiClient Enterprise Management Server (EMS), FortiOS and FortiProxy products.
CERT-EU	a year ago	Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)
Securityaffairs	a year ago	CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog
DARKReading	a year ago	Patch Now: Critical Fortinet RCE Bug Under Active Attack
Securityaffairs	a year ago	CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog
CISA	a year ago	CISA Adds Three Known Exploited Vulnerabilities to Catalog \| CISA
Securityaffairs	a year ago	Critical Fortinet's FortiClient EMS flaw actively exploited in the wild
Securityaffairs	a year ago	Critical Fortinet's FortiClient EMS flaw actively exploited in the wild
CERT-EU	a year ago	18th March – Threat Intelligence Report \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	18th March – Threat Intelligence Report - Check Point Research
CERT-EU	a year ago	Cyber Security Week in Review: March 15, 2024
DARKReading	a year ago	Fortinet Warns of Yet Another Critical RCE Flaw
BankInfoSecurity	a year ago	Breach Roundup: US FCC Authorizes IoT Cybersecurity Label