Fortinet Products Multiple Vulnerabilities

Last Update Date: 22 Mar 2024
Release Date: 13 Mar 2024

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege and security restriction bypass on the targeted system.

[Updated on 2024-03-22] 

For CVE-2023-48788, an improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.

Note: This vulnerability is being exploited in the wild. Hence, the risk level has been raised from Medium Risk to Extremely High Risk.


Impact

  • Security Restriction Bypass
  • Remote Code Execution
  • Elevation of Privilege

System / Technologies affected

For CVE-2023-48788

  • FortiClientEMS version 7.0.1 through 7.0.10
  • FortiClientEMS version 7.2.0 through 7.2.2

For other CVEs

  • FortiClientEMS 6.0 all versions
  • FortiClientEMS 6.2 all versions
  • FortiClientEMS 6.4 all versions
  • FortiClientEMS version 7.0.0 through 7.0.10
  • FortiClientEMS version 7.2.0 through 7.2.2
  • FortiOS version 6.2.0 through 6.2.15
  • FortiOS version 6.4.0 through 6.4.14
  • FortiOS version 7.0.0 through 7.0.12
  • FortiOS version 7.0.1 through 7.0.13
  • FortiOS version 7.2.0 through 7.2.6
  • FortiOS version 7.4.0 through 7.4.1
  • FortiProxy version 2.0.0 through 2.0.13
  • FortiProxy version 7.0.0 through 7.0.14
  • FortiProxy version 7.2.0 through 7.2.8
  • FortiProxy version 7.4.0 through 7.4.2
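
To triage an asset inventory against the affected list above, the following added example (not part of the original bulletin or any vendor tooling) matches installed versions against the listed ranges. The range data is copied from this bulletin; the hostnames, inventory entries and helper names are constructed for illustration.

```python
import math
import re

def parse(version):
    """'7.0.10' -> (7, 0, 10). Numeric tuples, so 7.0.9 sorts below 7.0.10
    (a plain string comparison gets that wrong)."""
    if not re.fullmatch(r"\d+(\.\d+){1,2}", version):
        raise ValueError(f"unrecognised version: {version!r}")
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (3 - len(parts))

def rng(low, high):
    """'X through Y' entry, both ends inclusive."""
    return parse(low), parse(high)

def branch(name):
    """'6.4 all versions' entry: every patch release of that branch."""
    major, minor, _ = parse(name)
    return (major, minor, 0), (major, minor, math.inf)

# Ranges copied from the affected list in this bulletin, one entry per bullet.
AFFECTED = {
    "FortiClientEMS": {
        "CVE-2023-48788": [rng("7.0.1", "7.0.10"), rng("7.2.0", "7.2.2")],
        "other CVEs": [branch("6.0"), branch("6.2"), branch("6.4"),
                       rng("7.0.0", "7.0.10"), rng("7.2.0", "7.2.2")],
    },
    "FortiOS": {"other CVEs": [
        rng("6.2.0", "6.2.15"), rng("6.4.0", "6.4.14"), rng("7.0.0", "7.0.12"),
        rng("7.0.1", "7.0.13"), rng("7.2.0", "7.2.6"), rng("7.4.0", "7.4.1")]},
    "FortiProxy": {"other CVEs": [
        rng("2.0.0", "2.0.13"), rng("7.0.0", "7.0.14"),
        rng("7.2.0", "7.2.8"), rng("7.4.0", "7.4.2")]},
}

def triage(product, version):
    """Return the bulletin groups whose ranges contain this version."""
    v = parse(version)
    return [group for group, ranges in AFFECTED.get(product, {}).items()
            if any(low <= v <= high for low, high in ranges)]

# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = [("ems-01", "FortiClientEMS", "7.0.9"),
             ("ems-02", "FortiClientEMS", "7.0.0"),
             ("ems-03", "FortiClientEMS", "7.2.3"),
             ("fw-01", "FortiOS", "7.0.13")]

def report(inventory):
    return {host: triage(product, version) for host, product, version in inventory}
```

An empty result only means the version is not in the ranges listed in this bulletin; it does not establish that the system is patched.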

Solutions

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

For CVE-2023-48788

For other CVEs


Vulnerability Identifier


Source


Related Link