cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

ACSC releases critical alert over Fortinet’s FortiClient EMS vulnerability

The Australian Cyber Security Centre and Fortinet warn of active exploitation of vulnerability affecting multiple versions of Fortinet’s FortiClient EMS server platform.

user icon David Hollingworth
Mon, 25 Mar 2024
ACSC releases Critical Alert over Fortinet’s FortiClientEMS vulnerability
expand image

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has released a critical alert regarding a vulnerability in Fortinet’s FortiClient EMS.

The vulnerability – CVE-2023-48788 – affects versions 7.2 to 7.2.2 and 7.0 to 7.0.10 of FortiClient EMS and can allow a threat actor to execute code remotely.

“An improper neutralisation of special elements used in an SQL Command (“SQL Injection”) vulnerability [CWE-89] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorised code or commands via specifically crafted requests,” Fortinet said of the flaw in its own advisory.

While Fortinet has made a patch available, the ACSC and Fortinet have said that the vulnerability is currently being exploited in the wild.

“Australian organisations should review their networks for use of vulnerable instances of the FortiClient EMS and apply patches available from Fortinet,” the ACSC said in its Friday, 22 March advisory.

The flaw was first discovered in early March while researchers with the Horizon3 Attack Team developed a proof of concept, functional exploit on 21 March, a day before the ACSC released its critical alert.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.