Details of VAR-202403-2416

ID

VAR-202403-2416

CVE

CVE-2023-48788

TITLE

fortinet's FortiClient EMS In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-026391

DESCRIPTION

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets. fortinet's FortiClient EMS for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-48788 // JVNDB: JVNDB-2023-026391

AFFECTED PRODUCTS

vendor:	fortinet	model:	forticlient enterprise management server	scope:	lte	version:	7.2.2	Trust: 1.0
vendor:	fortinet	model:	forticlient enterprise management server	scope:	gte	version:	7.0.1	Trust: 1.0
vendor:	fortinet	model:	forticlient enterprise management server	scope:	lte	version:	7.0.10	Trust: 1.0
vendor:	fortinet	model:	forticlient enterprise management server	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	フォーティネット	model:	forticlient ems	scope:	eq	version:	7.2.0 to 7.2.2	Trust: 0.8
vendor:	フォーティネット	model:	forticlient ems	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	forticlient ems	scope:	eq	version:	7.0.1 to 7.0.10	Trust: 0.8

sources: JVNDB: JVNDB-2023-026391 // NVD: CVE-2023-48788

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-48788
value:	CRITICAL
Trust: 1.8
psirt@fortinet.com:	CVE-2023-48788
value:	CRITICAL
Trust: 1.0

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-48788
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-026391 // NVD: CVE-2023-48788 // NVD: CVE-2023-48788

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.0
problemtype:	SQL injection (CWE-89) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-026391 // NVD: CVE-2023-48788

CONFIGURATIONS

sources: NVD: CVE-2023-48788

PATCH

title:

FG-IR-24-007

url:

https://fortiguard.com/psirt/fg-ir-24-007

Trust: 0.8

sources: JVNDB: JVNDB-2023-026391

EXTERNAL IDS

db:	NVD	id:	CVE-2023-48788	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-026391	Trust: 0.8

sources: JVNDB: JVNDB-2023-026391 // NVD: CVE-2023-48788

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-24-007	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-48788	Trust: 0.8
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8

sources: JVNDB: JVNDB-2023-026391 // NVD: CVE-2023-48788

SOURCES

db:	JVNDB	id:	JVNDB-2023-026391
db:	NVD	id:	CVE-2023-48788

LAST UPDATE DATE

2024-07-19T23:21:32.474000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-026391	date:	2024-07-18T02:53:00
db:	NVD	id:	CVE-2023-48788	date:	2024-05-23T18:00:08.207

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-026391	date:	2024-07-18T00:00:00
db:	NVD	id:	CVE-2023-48788	date:	2024-03-12T15:15:46.973