- Description
- An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Fortinet FortiClient EMS SQL Injection Vulnerability
- Exploit added on
- Mar 25, 2024
- Exploit action due
- Apr 15, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- psirt@fortinet.com
- CWE-89
- Hype score
- Not currently trending
Medusa Ransomware Hits 300+ U.S. Critical Infrastructure Orgs 🚨 Active since 2021, the gang exploits CVE-2024-1709 & CVE-2023-48788, using phishing & LOTL tactics for double & triple extortion. FBI & CISA warn—fortify defenses now! https://t.co/6w8vLZ1Kpo #
@dCypherIO
13 Mar 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
HackGDL 2025 is about to begin!🔥 Ashley Hiram Muñoz, Incident Response Specialist at Kaspersky, who will present an analysis of the Ymir ransomware, a new threat with advanced tactics, and the vulnerability in Fortinet FortiClientEMS (CVE-2023-48788), exploited by…
@KasperskyLatino
25 Feb 2025
140 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
HackGDL 2025 is about to begin!🔥 Ashley Hiram Muñoz, Incident Response Specialist at Kaspersky, who will present an analysis of the Ymir ransomware, a new threat with advanced tactics, and the vulnerability in Fortinet FortiClientEMS (CVE-2023-48788), exploited by…
@KasperskyLatino
18 Feb 2025
165 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-1709 and CVE-2023-48788 are being actively exploited in Russia’s BadPilot campaign, targeting vulnerable systems. More details: https://t.co/OAGZNVVgFK #CyberSecurity #ThreatIntel
@adriananglin
17 Feb 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
HackGDL 2025 is about to begin!🔥 Ashley Hiram Muñoz, Incident Response Specialist at Kaspersky, who will present an analysis of the Ymir ransomware, a new threat with advanced tactics, and the vulnerability in Fortinet FortiClientEMS (CVE-2023-48788), exploited by…
@KasperskyLatino
15 Feb 2025
166 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-48788 is a vulnerability related to incorrect handling of user data in one of the popular software products. It may allow an attacker to execute arbitrary code or gain access to sensitive information on the vulnerable system. GitHub: https://t.co/c44praiwYV https://t.co
@CyberPentestLab
5 Feb 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ICYMI: Our GERT team recently uncovered a sophisticated attack leveraging CVE-2023-48788, exploiting Fortinet FortiClient EMS. The attackers used advanced TTPs to infiltrate enterprise infrastructures, showcasing the critical need for proactive patch management and vigilant… htt
@kaspersky
24 Jan 2025
1172 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
0 Quotes
What can neglecting timely updates of corporate security systems lead to? For example, to exploitation of the CVE-2023-48788 vulnerability in an outdated version of FortiClient EMS. Our GERT specialists took on the analysis of the incident and identified the tactics, techniques and procedures… https
@Kaspersky_ru
15 Jan 2025
171 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Our GERT team recently uncovered a sophisticated attack leveraging CVE-2023-48788, exploiting Fortinet FortiClient EMS. The attackers used advanced TTPs to infiltrate enterprise infrastructures, showcasing the critical need for proactive patch management and vigilant defense.… h
@kaspersky
7 Jan 2025
1303 Impressions
2 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
Our GERT team recently uncovered a sophisticated attack leveraging CVE-2023-48788, exploiting Fortinet FortiClient EMS. The attackers used advanced TTPs to infiltrate enterprise infrastructures, showcasing the critical need for proactive patch management and vigilant defense.… h
@kaspersky
31 Dec 2024
1389 Impressions
0 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-50379 2 - CVE-2024-38200 3 - CVE-2024-12856 4 - CVE-2023-48788 5 - CVE-2024-7971 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
30 Dec 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our GERT team recently uncovered a sophisticated attack leveraging CVE-2023-48788, exploiting Fortinet FortiClient EMS. The attackers used advanced TTPs to infiltrate enterprise infrastructures, showcasing the critical need for proactive patch management and vigilant defense.… h
@kaspersky
30 Dec 2024
1463 Impressions
3 Retweets
10 Likes
0 Bookmarks
1 Reply
0 Quotes
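Fortinet vulnerability CVE-2023-48788: what is the active exploitation that was detected? https://t.co/G1hgzZ3ItX Regarding this SQL injection vulnerability CVE-2023-48788, when we asked the curation team next door, the first report was on March 14, and on March 25 CISA KEV… https://t.co/VXisoWkVVy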
@iototsecnews
30 Dec 2024
122 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Attackers are exploiting Fortinet's CVE-2023-48788 (CVSS 9.3) to install remote desktop tools like AnyDesk and ScreenConnect. They’ve already targeted companies across 12 countries, leveraging: » SQL injection for unauthorized access » Password recovery tools like Mimikatz h
@SpecterCy
27 Dec 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our GERT team recently uncovered a sophisticated attack leveraging CVE-2023-48788, exploiting Fortinet FortiClient EMS. The attackers used advanced TTPs to infiltrate enterprise infrastructures, showcasing the critical need for proactive patch management and vigilant defense.… h
@kaspersky
26 Dec 2024
1595 Impressions
0 Retweets
14 Likes
2 Bookmarks
1 Reply
0 Quotes
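Beware of the known vulnerability in "FortiClient EMS" targeted in the initial stage of intrusion (page 1 of 2): Security NEXT https://t.co/Rqr6RoR4tD > The "FortiClient EMS" vulnerability "CVE-2023-48788" has been abused as a foothold for attacks that break into organizational networks, with multiple organizations suffering compromise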
@abdda149
26 Dec 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Attackers are exploiting Fortinet's CVE-2023-48788 (CVSS 9.3) to install remote desktop tools like AnyDesk and ScreenConnect. They’ve already targeted companies across 12 countries, leveraging: » SQL injection for unauthorized access » Password recovery tools like… http
@Cyberwald_talks
24 Dec 2024
41 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Exploiting FortiClient EMS Vulnerability (CVE-2023-48788) in the Wild: https://t.co/MKbE954ndd Cybersecurity researchers have identified active exploitation of a critical vulnerability in Fortinet's FortiClient EMS (CVE-2023-48788), allowing SQL injection attacks for… ht
@securityRSS
23 Dec 2024
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting a critical Fortinet EMS vulnerability (CVE-2023-48788) to deploy remote desktop software like AnyDesk and ScreenConnect. These tools allow them to take control of compromised systems and move laterally across networks. https://t.co/YXdnskLCog
@Shift6Security
23 Dec 2024
48 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-48788 https://t.co/179wloo6Re
@ManuelDantas
21 Dec 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CyberSecurity #Vulnerability Kaspersky Uncovers Active Exploitation of Fortinet Vulnerability CVE-2023-48788 https://t.co/UkUsaMdqQp
@Komodosec
21 Dec 2024
60 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Attackers are exploiting #Fortinet's CVE-2023-48788 (CVSS 9.3) to install #remote #desktop tools like #AnyDesk and #ScreenConnect. They’ve already targeted #companies across 12 #countries, Find details here: https://t.co/36VUW1wiN9
@podcastBhai333
20 Dec 2024
48 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting the critical Fortinet EMS vulnerability CVE-2023-48788 to deploy remote access tools. A high risk for organizations' security. #Cybersécurité #Vulnérabilité #AlerteSécurité 👉 https://t.co/1spVucdWvK
@CyberAlertFr
20 Dec 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Fortinet Critical Vulnerability Exploited (CVE-2023-48788) 🚨 Severity: 9.3 (Critical) Impact: SQL injection in FortiClient EMS exploited to deploy remote access tools like AnyDesk. ➡️ Fortinet has released patches. Update immediately to secure your systems! #Fortinet
@arunpratap786
20 Dec 2024
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"This #incident underscores the importance of timely #patch management and robust #cybersecurity practices to defend against evolving threats exploiting known vulnerabilities like CVE-2023-48788." https://t.co/fs7m1UQubx
@EChavarro
20 Dec 2024
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ Hackers Exploiting Critical Fortinet EMS Vulnerability Cyber attackers are actively exploiting a critical vulnerability in Fortinet's FortiClient EMS, CVE-2023-48788, to install remote access tools like AnyDesk and ScreenConnect. Immediate patching is advised to prevent… htt
@gossy_84
20 Dec 2024
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Attackers are exploiting Fortinet's CVE-2023-48788 (CVSS 9.3) to install remote desktop tools like AnyDesk and ScreenConnect. They’ve already targeted companies across 12 countries, leveraging: » SQL injection for unauthorized access » Password recovery tools like Mimikatz »
@TheHackersNews
20 Dec 2024
41924 Impressions
51 Retweets
111 Likes
39 Bookmarks
0 Replies
2 Quotes
Kaspersky's GERT team revealed attackers exploiting CVE-2023-48788, a patched Fortinet vulnerability, leading to unauthorized access and remote tools deployment. Timely patching is crucial. 🛡️ #VulnExploitation #RemoteAccess #ThreatResearch link: https://t.co/jiX9V6nWpM https:/
@TweetThreatNews
19 Dec 2024
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
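The Fortinet FortiClient EMS vulnerability CVE-2023-48788 is being actively exploited by attackers. SQL injection allows unauthorized code execution, and network compromise and deployment of RMM tools have been confirmed. Prompt updating to the fixed version is recommended. https://t.co/kh0r2pTZAX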
@01ra66it
19 Dec 2024
37 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Kaspersky Uncovers Active Exploitation of Fortinet Vulnerability CVE-2023-48788 https://t.co/clzvibXozN
@Cyberwald_talks
19 Dec 2024
9 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Exploiting FortiClient EMS Vulnerability (CVE-2023-48788) in the Wild Source: https://t.co/KojekdCCKK Active exploitation of a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS), tracked as CVE-2023-48788.
@gbhackers_news
19 Dec 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Kaspersky Uncovers Active Exploitation of Fortinet Vulnerability Learn about the new CVE-2023-48788 exploit targeting #Fortinet FortiClient EMS and how to protect your network from unauthorized code execution https://t.co/6K1DRU3xhp
@the_yellow_fall
19 Dec 2024
162 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Who actively monitors the Application Event Log for the Event ID 15457, containing the string xp_cmdshell? The screenshot below is from an Incident Response engagement this year from an exploited FortiClient EMS server (CVE-2023-48788). xp_cmdshell spawns a Windows command… ht
@malmoeb
6 Dec 2024
22464 Impressions
48 Retweets
249 Likes
196 Bookmarks
6 Replies
1 Quote
#Malware #AnyDesk Medusa Exploits Fortinet Flaw (CVE-2023-48788) for Stealthy Ransomware Attacks https://t.co/biwaUOEGxP
@Komodosec
21 Oct 2024
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35945D3A-886A-4BC1-8930-083A5DC61390",
            "versionEndExcluding": "7.0.11",
            "versionStartIncluding": "7.0.1"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92FF887E-F119-413F-92F4-B9314C953F9B",
            "versionEndExcluding": "7.2.3",
            "versionStartIncluding": "7.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]