CVE-2023-48788
Published: 12 March 2024
Summary
CVE-2023-48788 is a critical-severity SQL injection (CWE-89) vulnerability in Fortinet FortiClient Enterprise Management Server (FortiClientEMS). Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-48788 is an SQL injection vulnerability (CWE-89) present in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. The flaw stems from improper neutralization of special elements in SQL commands and can be triggered by specially crafted packets, enabling execution of unauthorized code or commands. It carries a CVSS 3.1 score of 9.8, reflecting a network attack vector, low attack complexity, and no required privileges or user interaction.
An unauthenticated remote attacker can send malicious packets to an affected FortiClientEMS instance and obtain full control over the underlying database and host, potentially leading to data exfiltration, privilege escalation, or further lateral movement within the management environment.
The Fortinet advisory FG-IR-24-007 recommends applying the vendor-supplied patches or mitigations for the listed FortiClientEMS releases. The vulnerability is also tracked in the CISA Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.
EPSS scores have remained consistently high, with a peak of 0.9679 and a current value of 0.9408, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-52821
Vulnerability details
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
- CWE(s): CWE-89
- KEV Date Added: 25 March 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Fortinet FortiClientEMS 7.2.0 through 7.2.2
- Fortinet FortiClientEMS 7.0.1 through 7.0.10
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation and sanitization of untrusted input to block the specially crafted SQL payloads that enable this injection.
- SI-2 (Flaw Remediation): mandates timely application of vendor patches that remediate the improper neutralization flaw in FortiClientEMS.
- Boundary protection: enforces network boundary controls that can restrict unauthenticated access to the vulnerable EMS service before crafted packets reach it.