TROYANOSYVIRUS

CVE-2023-48788

CRITICAL | CISA KEV | 9.8

Description

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.

CVE Details

CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 3/12/2024
Last Modified: 10/24/2025
Source: kev
Honeypot Sightings: 0

CISA KEV

Vendor: Fortinet
Product: FortiClient EMS
Vulnerability Name: Fortinet FortiClient EMS SQL Injection Vulnerability
KEV Date Added: 2024-03-25
Remediation Due Date: 2024-04-15
Ransomware Use: Known

Affected Products

fortinet:forticlient_enterprise_management_server

Weaknesses (CWE)

CWE-89

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.