Fortinet has addressed a critical remote code execution (RCE) vulnerability in several versions of its FortiClient Enterprise Management Server (EMS), which is used for endpoint device management.
The vulnerability, CVE-2024-48788, stems from an SQL injection flaw in a direct-attached storage component of the server. This flaw allows unauthenticated attackers to run code and commands, giving them system admin privileges on affected systems via carefully crafted requests.
Fortinet rated the severity of the vulnerability at 9.3 on the CVSS rating scale, while the National Vulnerability Database assigned it a near-maximum score of 9.8.
Affected versions and their fixes:
FortiClientEMS version 7.2.0 – 7.2.2: upgrade to FortiClientEMS 7.2.3 or above
FortiClientEMS version 7.0.1 – 7.0.10: upgrade to FortiClientEMS 7.0.11 or above
We recommend updating any affected systems immediately. Fortinet has updated its earlier advisory, now saying this vulnerability “is exploited in the wild,” and CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog. The situation has drastically evolved (and not for the better), mostly due to a recently released proof-of-concept (PoC) exploit that publicly disclosed the technical details of this flaw.
The brief window of opportunity to address CVE-2024-48788 before attacks begin has closed. It is critical that you update your systems as soon as possible, along with doing the following:
Organizations using FortiClient EMS should prioritize updating to patched versions immediately to protect against this specific threat.
Beyond patching, it’s essential to audit and monitor systems continuously, especially those accessible via the internet, to detect and deter criminal activities.
Maintaining a robust defense strategy against expanding threats involves following advisories from trusted bodies like CISA, and staying educated on emerging cybersecurity threats.
Using information from cybersecurity companies can help businesses take action ahead of time and develop better ways to defend against cyberattacks.
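An added example, not Fortinet's code or part of the original advisory: a small triage script that checks an inventory of EMS servers against the affected ranges listed above, comparing versions numerically so that 7.0.10 is not mis-sorted below 7.0.2. The hostnames, the inventory format and the trailing build-number suffix are assumptions made for illustration.

```python
import re

# Affected ranges and fixed releases, as listed in this advisory.
AFFECTED = [
    ((7, 2, 0), (7, 2, 2), "7.2.3"),
    ((7, 0, 1), (7, 0, 10), "7.0.11"),
]

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if unparseable.
    A trailing build number (assumed form: 7.2.2.0879) is ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version_text):
    """Return (status, fixed_release).
    status is 'affected', 'not-listed' (outside the advisory's ranges,
    which is not a statement that the host is safe) or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", None)
    for low, high, fix in AFFECTED:
        # Tuple comparison is numeric per component, unlike string comparison.
        if low <= v <= high:
            return ("affected", fix)
    return ("not-listed", None)

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ems-hq", "7.2.2"),
    ("ems-branch", "7.0.10.0532"),
    ("ems-lab", "7.0.11"),
    ("ems-dr", "7.2.3"),
    ("ems-old", "unknown"),
]

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory}

if __name__ == "__main__":
    for host, (status, fix) in report(INVENTORY).items():
        note = f" -> upgrade to {fix} or above" if fix else ""
        print(f"{host:12} {status}{note}")
```

Hosts reported as 'unknown' need a manual version check before they can be ruled out.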
If you need assistance updating your systems or have any additional questions about this vulnerability, please reach out to us.