CVE-2023-48788
CISA KEV, Ransomware
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-89
Threats tracking this CVE
References
- https://fortiguard.com/psirt/FG-IR-24-007
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788