ГлавнаяУязвимости → CVE-2023-48788
9.8критическая

CVE-2023-48788

Описание

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

Затрагиваемое ПО
Fortinet Forticlient enterprise management server
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://fortiguard.com/psirt/FG-IR-24-007https://fortiguard.com/psirt/FG-IR-24-007https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788