Vulnerability Details CVE-2023-48788
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.942
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
Ransomware Campaign
Known
Products affected by CVE-2023-48788
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.1
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.10
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.2
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.3
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.4
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.6
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.7
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.8
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.9
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.2.0
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.2.1
-
cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.2.2