A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 up to and including 7.2.2, FortiClientEMS 7.0.1 up to and including 7.0.10 allows malicious user to execute unauthorized code or commands via specially crafted packets.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet forticlient enterprise management server |
Exploit released for Fortinet RCE bug used in attacks, patch now By Sergiu Gatlan March 21, 2024 11:17 AM 0 Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks. Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centr...
Fortinet warns of critical RCE bug in endpoint management software By Sergiu Gatlan March 13, 2024 02:48 PM 0 Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices. The security flaw (C...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet
Patch Tuesday Microsoft's monthly patch drop has arrived, delivering a mere 61 CVE-tagged vulnerabilities β none listed as under active attack or already known to the public. We'll hold our judgement until tomorrow to see if Exploit Wednesday lives up to its name. But in the meantime, here's a look at Redmond's security bugs. Two of the latest patches are listed as critical and both affect Windows Hyper-V hypervisor. Oddly, the two critical bugs didn't receive the highest CVSS ratings β but ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources A huge attack surface for a vulnerability with various PoCs available
The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver's latest data, the number of Fortinet appliances vulnerable to CVE-2024-21762 stands at more than 133,000 β down only slightly from more than 150,000 ten days prior. Fortinet patched CVE-2024-21762 in early February, well over a month ago. It's a 9.6 severity vuln...