Intel Name: How attackers exploit patched vulnerability in forticlient ems
Date of Scan: January 1, 2025
Impact: High
Summary: Our team recently uncovered attacker tactics linked to a vulnerability in Fortinet products, which has already been patched. The flaw involves improper filtering of SQL command input, enabling SQL injection. CVE-2023-48788 impacts FortiClient EMS versions 7.0.1 to 7.0.10 and 7.2.0 to 7.2.2. Successful exploitation allows attackers to execute arbitrary code or commands via crafted data packets.