Another Critical Fortinet RCE Flaw Exploited by Nation State Actors

Written by Mitchell Langley

March 15, 2024

Another Critical Fortinet RCE Flaw Exploited by Nation State Actors

CVE-2024-48788, like many others, is another critical Fortinet RCE flaw will is an attractive target for nation-state backed actors.


Fortinet has addressed this critical remote code execution vulnerability in its FortiClient Enterprise Management Server (EMS), which is responsible for managing endpoint devices.

The Critical RCE Flaw, known as CVE-2024-48788, originates from an SQL injection flaw in the server’s direct-attached storage component.

This remote code execution flaw enables unauthorized attackers to execute arbitrary code and commands with system admin privileges on affected systems by sending specially crafted requests.

Fortinet RCE Flaw is Rated Critical in Severity

The severity rating assigned to the Critical RCE vulnerability CVE-2024-48788 by Fortinet is 9.3 out of 10 on the CVSS rating scale.

Additionally, the National Vulnerability Database has given it a near maximum score of 9.8. The flaw affects multiple versions of FortiClientEMS 7.2 and FortiClientEMS 7.0. Fortinet recommends that organizations using these affected versions upgrade to the newly patched FortiClientEMS 7.2.3 or higher, or to FortiClientEMS 7.0.11 or higher.  

The vendor has acknowledged a researcher from their FortiClientEMS development team and the UK’s National Cyber Security Center (NCSC) for discovering the Fortinet RCE flaw.

The company’s advisory provided limited information about the vulnerability. However, researchers at Horizon3.ai, who have previously reported bugs in Fortinet technologies, stated that they will release indicators of compromise, a proof-of-concept exploit, and technical details of the vulnerability next week.

Currently, there have been no known exploits targeting the remote code execution vulnerability. However, once the details and exploit become available, there may be an increased risk of attacks. Organizations should take prompt action to address the Fortinet RCE vulnerability before potential attacks occur.

Two More Unpatched Fortinet RCE Bugs Revealed by Horizon3.ai

Recently, Horizon3.ai researchers disclosed additional information on 16 vulnerabilities that were reported to Fortinet in 2023. Fortinet has already patched all but two of these vulnerabilities.

The disclosed flaws, described as critical by Horizon3.ai, impact Fortinet’s Wireless LAN Manager (WLM) and FortiSIEM technologies.

They include issues such as SQL injection, command injection, and arbitrary file read vulnerabilities. Notable vulnerabilities highlighted by Horizon3.ai in their blog include CVE-2023-34993, CVE-2023-34991, CVE-2023-42783, and CVE-2023-48782.

According to Horizon3.ai, there are several vulnerabilities in Fortinet WLM. CVE-2023-34993 allows unauthorized individuals to execute arbitrary code on affected endpoints through specially crafted requests.

CVE-2023-34991 is an SQL injection vulnerability that doesn’t require authentication and allows attackers to access and exploit the built-in image listing function in Fortinet WLM.

CVE-2023-48782 is a command injection flaw, while CVE-2023-42783 enables unauthenticated attackers to read files on affected systems without any restrictions.

As of March 13, 2024, Horizon3.ai has identified two unpatched vulnerabilities. The first is an unauthenticated limited log file read bug, and the second is a static session ID vulnerability.

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

 

Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!