Fortinet warns of critical RCE bug in endpoint management software
Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that could allow attackers to gain remote code execution (RCE) on vulnerable servers.

FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices.

The security flaw (CVE-2023-48788) is an SQL injection in the DB2 Administration Server (DAS) component, which was discovered and reported by the UK's National Cyber Security Centre (NCSC) and Fortinet developer Thiago Santana.

It impacts FortiClient EMS versions 7.0 (7.0.1 through 7.0.10) and 7.2 (7.2.0 through 7.2.2), and it…