Skip to content Skip to footer

Critical Security Warning: Fortinet Vulnerabilities CVE-2023-48788, CVE-2023-42789, and CVE-2023-42790

Fortinet has warned about a critical security vulnerability in its FortiClientEMS software, -2023-48788. The flaw could allow attackers to execute unauthorized code or commands on affected systems. To mitigate the risk, the company has urged users to upgrade to the latest software versions.

According to Fortinet, the vulnerability is caused by improperly neutralizing particular elements used in an SQL Command, also known as an . Attackers commonly this type of vulnerability, CWE-89, to access sensitive data or execute malicious code on a targeted system.

The vulnerability has been assigned a CVSS score of 9.3 out of 10, indicating its severity. It affects FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. Users are advised to upgrade to version 7.2.3 or above for 7.2.x versions and 7.0.11 or above for 7.0.x versions.

Horizon3., a security research firm, has discovered two other critical vulnerabilities in Fortinet's FortiOS and FortiProxy products. These flaws, which are tracked as -2023-42789 and -2023-42790, could allow an attacker to execute arbitrary code or commands on the affected systems.

The vulnerabilities have been assigned a CVSS score of 9.3 and impact various versions of FortiOS and FortiProxy. Fortinet has released patches for these vulnerabilities, and users are advised to upgrade to the latest versions to mitigate the risk.

While there is no evidence of these vulnerabilities being actively exploited, users should apply the updates as soon as possible. Threat actors have targeted unpatched Fortinet appliances in the past, making it crucial for users to stay vigilant and keep their systems up to date.

Fortinet has credited Thiago Santana from the ForticlientEMS development team and the U.K. National Centre (NCSC) for discovering and reporting the vulnerability. The company has also thanked Horizon3. for identifying the other two critical flaws.

In conclusion, Fortinet users should upgrade to the latest versions of the affected products to protect their systems from potential attacks. By staying up to date with security patches and fixes, users can ensure the safety and security of their systems and data. 

Leave a comment

Newsletter Signup
Address

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

You're in trouble, program. Why don't you make it easy on yourself. Who's your user?Master Control Program

Deitasoft © 2024. All Rights Reserved.