Critical Fortinet Vulnerability Disclosed

March 14, 2024 | 1 MIN READ

THE THREAT

On March 12th, Fortinet issued a warning regarding a critical security flaw in its FortiClientEMS software. The vulnerability, identified as CVE-2023-48788 (CVSS: 9.8), is a SQL injection flaw. Exploitation would allow an unauthenticated threat actor to execute code or commands remotely through specially crafted requests, enabling initial access into organizations and allowing for follow-on activity such as malware deployment.

eSentire is aware of claims that Proof-of-Concept (PoC) exploit code and other technical details for CVE-2023-48788 will be publicly released next week (March 18th-22nd). It is critical that organizations apply the relevant security patches prior to the release of PoC exploit code, as this release will significantly increase the likelihood of real-world exploitation.

The eSentire Threat Intelligence team assesses that exploitation of CVE-2023-48788 will occur in the near future, raising the criticality of quickly addressing this vulnerability.

What we’re doing about it

What you should do about it

Additional information

CVE-2023-48788 stems from improper neutralization of special elements used in an SQL command (SQL injection). Organizations are strongly advised to update all impacted Fortinet devices to the most recent version as soon as possible. Alternative mitigations are not currently available.

Horizon3.ai has stated that they will release technical details and PoC exploit code for this vulnerability next week. The release of PoC code significantly lowers the barriers for vulnerability exploitation and allows even low-skilled threat actors to exploit complex vulnerabilities.

Fortinet vulnerabilities have a history of being exploited by threat actors. Most recently, on February 9th, a Remote Code Execution vulnerability in Fortinet FortiOS, tracked as CVE-2024-21762 (CVSS: 9.8), was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Past exploitation may indicate that threat actors are already familiar with the platform and have an interest in targeting these devices.

The release of technical details and PoC exploit code significantly increases the likelihood of this vulnerability being exploited in real-world attacks. The eSentire Threat Intelligence team assesses that it is highly probable that real-world exploitation of CVE-2023-48788 will occur in the near future.

References:

[1] https://fortiguard.fortinet.com/psirt/FG-IR-24-007
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-48788
[3] https://twitter.com/Horizon3Attack/status/1767965754744312161
