Fortinet Critical SQLi Vulnerability in FortiClientEMS Software - 20240318003

Overview

Fortinet has released an advisory for Fortinet critical SQL Injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code on vulnerable FortiClientEMS software.

What is vulnerable?

Product(s) Affected	Affected version(s)	Severity	CVEs	Exploited
FortiClientEMS	7.2.0 through 7.2.2	Critical	CVE-2023-48788	Yes
FortiClientEMS	7.0.1 through 7.0.10	Critical	CVE-2023-48788	Yes
FortiOS	7.4.0 through 7.4.1	Critical	CVE-2023-42789, CVE-2023-42790	No
FortiOS	7.2.0 through 7.2.5	Critical	CVE-2023-42789	No
FortiOS	7.0.0 through 7.0.12	Critical	CVE-2023-42789	No
FortiOS	6.4.0 through 6.4.14	Critical	CVE-2023-42789, CVE-2023-42790	No
FortiOS	6.2.0 through 6.2.15	Critical	CVE-2023-42789, CVE-2023-42790	No
FortiOS	7.2.0 through 7.2.6	Critical	CVE-2023-42789, CVE-2023-42790	No
FortiOS	7.0.0 through 7.0.12	Critical	CVE-2023-42789, CVE-2023-42790	No
FortiOS	2.0.0 through 2.0.13	Critical	CVE-2023-42789	No
FortiProxy	7.4.0	Critical	CVE-2023-42789, CVE-2023-42790	No

What has been observed?

CISA added this vulnerability in their Known Exploited Vulnerabilities catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):

Additional References

• FortiClient Vulnerability | FortiGuard
• PSIRT | FortiGuard