Home Fortinet CVE-2023-48788
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Fortinet

CVE-2023-48788

Exploited

FortiClientEMS - FortiClientEMS

Fortinet CVSS 9.8 Updated March 18, 2026

Executive Risk Summary

"A SQL injection vulnerability in FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10 allows attackers to execute unauthorized code or commands via specially crafted packets. This vulnerability poses a significant risk to the integrity of the system, as it can be exploited to gain unauthorized access or disrupt system operations."

Operational Audit Arsenal

Target Type Firmware Image
Target Asset FortiClientEMS
Standard Path Global Firmware

Manual Verification Required

This is a non-Windows asset (Fortinet). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Likely

Moderate

Internal Work Notes

SQL injection vulnerability in FortiClientEMS, patching required to prevent unauthorized access or system disruption

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://fortiguard.com/psirt/FG-IR-24-007
Official Advisoryhttps://fortiguard.com/psirt/FG-IR-24-007
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788

Related Fortinet Threats

CVE-2024-23108 CVSS 10

FortiGate - API
CVE-2024-23109 CVSS 10

FortiGate - API
CVE-2023-34992 CVSS 10

FortiGate - API
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.