ID

VAR-202403-2416


CVE

CVE-2023-48788


DESCRIPTION

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Trust: 1.0

sources: NVD: CVE-2023-48788

AFFECTED PRODUCTS

vendor: fortinet
model: forticlient enterprise management server
scope: lte
version: 7.0.10

Trust: 1.0

vendor: fortinet
model: forticlient enterprise management server
scope: gte
version: 7.2.0

Trust: 1.0

vendor: fortinet
model: forticlient enterprise management server
scope: lte
version: 7.2.2

Trust: 1.0

vendor: fortinet
model: forticlient enterprise management server
scope: gte
version: 7.0.1

Trust: 1.0

sources: NVD: CVE-2023-48788

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-48788
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2023-48788
value: CRITICAL

Trust: 1.0

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: NVD: CVE-2023-48788 // NVD: CVE-2023-48788

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

sources: NVD: CVE-2023-48788

CONFIGURATIONS

sources: NVD: CVE-2023-48788

EXTERNAL IDS

db: NVD
id: CVE-2023-48788

Trust: 1.0

sources: NVD: CVE-2023-48788

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-24-007

Trust: 1.0

sources: NVD: CVE-2023-48788

SOURCES

db: NVD
id: CVE-2023-48788

LAST UPDATE DATE

2024-03-29T22:54:03.618000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2023-48788
date: 2024-03-26T01:00:02.003

SOURCES RELEASE DATE

db: NVD
id: CVE-2023-48788
date: 2024-03-12T15:15:46.973