< BACK TO BLOG

March 26, 2024
by Andres Ramos

CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

On March 21, 2024, security researchers published a technical analysis along with a proof of concept (PoC) regarding the critical Remote Code Execution (RCE) vulnerability, CVE-2023-48788, in Fortinet’s FortiClientEMS. This vulnerability enables an unauthenticated threat actor to achieve RCE through the manipulation of SQL commands.

Fortinet has stated that this vulnerability is under active exploitation. PoC exploit code is also now publicly available. While threat actors have not previously targeted FortiClientEMS, several other Fortinet products have been historically targeted such as FortiOS through CVE-2024-21762 and CVE-2024-23113 back in February 2024.

Recommendation for CVE-2023-48788

Upgrade Fortinet FortiClientEMS to Fixed Version

Arctic Wolf strongly recommends upgrading Fortinet FortiClientEMS to the latest version.

Product	Affected Version	Fixed Version
FortiClientEMS	7.2.0 to 7.2.2	7.2.3 or above
FortiClientEMS	7.0.1 to 7.0.10	7.0.11 or above

Please follow your organization’s patching and testing guidelines to avoid operational impact.

References

See other important security bulletins from Arctic Wolf.

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.

Continue Reading

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognize and neutralize social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyze.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

Understanding ransomware — from its origins to its impacts to the TTPs that allow ransomware gangs to exploit victim organizations and make off with millions in ransom payments and extortion fees.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organization.

Learn how our Concierge Security® and Triage Security Teams help end cyber risk.

SECURITY BULLETINS

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

COMPANY

CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

Recommendation for CVE-2023-48788

Upgrade Fortinet FortiClientEMS to Fixed Version

References

Andres Ramos

Continue Reading

Arctic Wolf Networks 8939 Columbine Rd, Suite 150 Eden Prairie, MN 55347

1.888.272.8429

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.

Arctic Wolf Networks
8939 Columbine Rd, Suite 150
Eden Prairie, MN 55347