Fortinet has addressed a critical vulnerability regarding remote code execution (RCE) in several versions of its FortiClient Enterprise Management Server (EMS), used for endpoint device management.
FortiClient CVE-2024-48788 Vulnerability
The vulnerability, CVE-2024-48788, stems from an SQL injection flaw in a direct-attached storage component of the server. This flaw allows unauthenticated attackers to run code and commands, giving them system admin privileges on affected systems via carefully crafted requests.
Fortinet rated the severity of the vulnerability at 9.3 on the CVSS rating scale, while the National Vulnerability Database assigned it a nearly maximum score of 9.8.
Affected Versions:
FortiClientEMS version 7.2.0 – 7.2.2
FortiClientEMS version 7.0.1 – 7.0.10
Solutions:
Upgrade to FortiCLientEMS 7.2.3 or above
Upgrade to FortiClientEMS 7.0.11 or above
We recommend updating any affected systems immediately. Fortinet has revisited its earlier advisory, now saying this vulnerability “is exploited in the wild,” and CISA has enlisted it in its Known Exploited Vulnerabilities (KEV) catalog. The situation has drastically evolved (and not for the better), mostly due to a recently released proof-of-concept (PoC) exploit where the technical details of this flaw were publicly disclosed.
The brief window of opportunity to address CVE-2024-48788 before attacks begin has closed. It is critical that you update your systems as soon as possible, along with doing the following:
Take Immediate Action
Organizations using FortiClient EMS should prioritize updating their systems to patched versions immediately to protect their systems from this specific threat.
Audit And Monitor
Beyond patching, it’s essential to audit and monitor systems continuously, especially those accessible via the internet, to detect and deter criminal activities.
Enhance Vigilance
Maintaining a robust defense strategy against expanding threats involves following advisories from trusted bodies like CISA, and staying educated on emerging cybersecurity threats.
Collaborate With Intelligence
Using information from cybersecurity companies can help businesses take action ahead of time and develop better ways to defend against cyberattacks.
If you need assistance updating your systems or have any additional questions about this vulnerability, please reach out to us.