Updated March 27th, 2024

Fortinet has addressed a critical vulnerability regarding remote code execution (RCE) in several versions of its FortiClient Enterprise Management Server (EMS), used for endpoint device management.

FortiClient CVE-2024-48788 Vulnerability

The vulnerability, CVE-2024-48788, stems from an SQL injection flaw in a direct-attached storage component of the server. It allows an unauthenticated attacker to execute code and commands with system administrator privileges on affected systems via specially crafted requests.

Fortinet rated the severity of the vulnerability at 9.3 on the CVSS rating scale, while the National Vulnerability Database assigned it a nearly maximum score of 9.8.

Affected Versions:

FortiClientEMS version 7.2.0 – 7.2.2
FortiClientEMS version 7.0.1 – 7.0.10

Solutions:

Upgrade to FortiClientEMS 7.2.3 or above
Upgrade to FortiClientEMS 7.0.11 or above
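As an added example that is not part of the original post or of Fortinet's own tooling, the Python script below checks an installed FortiClientEMS version string against the affected ranges listed above and reports the fixed release for that branch; the host names and version numbers in it are constructed, and the version string is assumed to have been read from the EMS console or installed package beforehand.

```python
"""Check FortiClientEMS version strings against the CVE-2024-48788 ranges.

Affected (from the advisory text above):
  7.2.0 - 7.2.2  -> upgrade to 7.2.3 or above
  7.0.1 - 7.0.10 -> upgrade to 7.0.11 or above
"""
from __future__ import annotations

# (branch, first affected, last affected, first fixed release)
AFFECTED_RANGES = [
    ((7, 2), (7, 2, 0), (7, 2, 2), "7.2.3"),
    ((7, 0), (7, 0, 1), (7, 0, 10), "7.0.11"),
]


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '7.0.10' into (7, 0, 10) so 7.0.10 sorts after 7.0.9.
    A plain string comparison would wrongly put '7.0.10' before '7.0.9'."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiClientEMS version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> dict:
    """Return a verdict for one installed version.

    status is 'vulnerable', 'patched', or 'not_in_advisory' (a release the
    advisory does not list, e.g. 7.0.0 or a 7.4.x build, which is not judged).
    """
    v = parse_version(version)
    for branch, first, last, fixed in AFFECTED_RANGES:
        if v[:2] != branch:
            continue
        if first <= v <= last:
            return {"version": version, "status": "vulnerable", "upgrade_to": fixed}
        if v >= parse_version(fixed):
            return {"version": version, "status": "patched", "upgrade_to": None}
        break  # same branch but below the first affected release
    return {"version": version, "status": "not_in_advisory", "upgrade_to": None}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts, not real systems).
    for host, ver in [("ems-01", "7.2.2"), ("ems-02", "7.0.10"), ("ems-03", "7.2.3")]:
        r = assess(ver)
        extra = f", upgrade to {r['upgrade_to']}" if r["upgrade_to"] else ""
        print(f"{host}: {ver} -> {r['status']}{extra}")
```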

We recommend updating any affected systems immediately. Fortinet has revised its earlier advisory, which now states that this vulnerability “is exploited in the wild,” and CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog. The situation has deteriorated sharply, largely because a recently released proof-of-concept (PoC) exploit publicly disclosed the technical details of the flaw.

The brief window of opportunity to address CVE-2024-48788 before attacks began has closed. It is critical that you update your systems as soon as possible and also do the following:

Take Immediate Action

Organizations using FortiClient EMS should prioritize upgrading to a patched version immediately to protect against this specific threat.

Audit and Monitor

Beyond patching, it’s essential to continuously audit and monitor systems, especially those reachable from the internet, to detect and deter malicious activity.

Enhance Vigilance

Maintaining a robust defense against an expanding threat landscape involves following advisories from trusted bodies such as CISA and staying informed about emerging cybersecurity threats.

Collaborate with Intelligence

Using threat intelligence from cybersecurity companies can help businesses act ahead of time and develop better defenses against cyberattacks.

If you need assistance updating your systems or have any additional questions about this vulnerability, please reach out to us.

If you’d like to learn more about this FortiClient vulnerability and how to protect your FortiClient appliances, please contact us by calling (502) 240-0404 or emailing info@mirazon.com.