URL: https://www.darkreading.com/vulnerabilities-threats/fortinet-warns-of-yet-another-critical-rce-flaw

FORTINET WARNS OF YET ANOTHER CRITICAL RCE FLAW

CVE-2024-48788, like many other recent Fortinet flaws, will likely be an
attractive target, especially for nation-state backed actors.

Jai Vijayan, Contributing Writer

March 14, 2024



Fortinet has patched a critical remote code execution (RCE) vulnerability in its
FortiClient Enterprise Management Server (EMS) for managing endpoint devices.

The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a
direct-attached storage component of the server. It gives unauthenticated
attackers a way to execute arbitrary code and commands with system admin
privileges on affected systems, using specially crafted requests.


CRITICAL SEVERITY VULNERABILITY

Fortinet gave the vulnerability a severity rating of 9.3 out of 10 on the CVSS
rating scale and the National Vulnerability Database itself has assigned it a
near maximum score of 9.8. The flaw is present in multiple versions of
FortiClientEMS 7.2 and FortiClientEMS 7.0, and Fortinet advises organizations
using affected versions to upgrade to the newly patched FortiClientEMS 7.2.3 or
above, or to FortiClientEMS 7.0.11 or above.
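As a defender-side check on the upgrade guidance above, here is an added example (not code from the article, Fortinet or Horizon3.ai) that triages FortiClientEMS version strings from an asset inventory against the fixed releases named here. It assumes, conservatively, that every release below the fixed version in the 7.2 and 7.0 branches is affected, and reports any other branch as not covered rather than guessing.

```python
# Added example: classify FortiClientEMS version strings for CVE-2024-48788.
# Assumption: every release below the fixed version in the 7.2 and 7.0
# branches is treated as affected (conservative reading of "multiple
# versions"); branches not named in the advisory are reported as not covered.
import re

# Fixed releases per branch, as given in the advisory guidance.
FIXED_BY_BRANCH = {
    (7, 2): (7, 2, 3),
    (7, 0): (7, 0, 11),
}


def parse_version(text):
    """Turn '7.2.2' or 'v7.0.10 build 0420' into a (major, minor, patch) tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version_text):
    """Return 'affected', 'fixed' or 'not-covered' for one version string."""
    version = parse_version(version_text)
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        return "not-covered"  # branch not named in the advisory guidance
    return "fixed" if version >= fixed else "affected"


def triage(inventory):
    """Map asset name -> assessment; inventory is {asset: version string}."""
    return {asset: assess(ver) for asset, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"ems-prod": "7.2.2", "ems-dr": "v7.0.11 build 0500", "ems-lab": "7.1.0"}
    for asset, verdict in triage(sample).items():
        print(f"{asset}: {verdict}")
```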



The vendor credited a researcher from its FortiClientEMS development team and
the United Kingdom's National Cyber Security Center (NCSC) for discovering the
flaw.



The company's advisory offered scant details on the vulnerability. But
researchers at Horizon3.ai, who have reported multiple previous bugs in Fortinet
technologies, said this week that they would release indicators of compromise, a
proof-of-concept (PoC) exploit, and technical details of the bug next week.

So far, there have been no reports of exploit activity in the wild targeting the
flaw. But that could quickly change when details of the bug and the PoC become
available next week, meaning organizations have a relatively small window of
opportunity to address the vulnerability before attacks begin.




POPULAR ATTACKER TARGET

"Fortinet devices have been frequently targeted by attackers with several
noteworthy flaws observed since 2019," Tenable warned in an advisory about
CVE-2024-48788. As examples, the security vendor pointed to CVE-2023-27997, a
critical heap-based buffer overflow vulnerability in multiple versions of
Fortinet's FortiOS and FortiProxy technology, and CVE-2022-40684, an
authentication bypass flaw in FortiOS, FortiProxy, and FortiSwitch Manager
technologies that a threat actor sold for initial access purposes.



"Other vulnerabilities in Fortinet devices have attracted the attention of
multiple nation-state threat actors and ransomware groups like Conti. Fortinet
vulnerabilities have been included as part of the top routinely exploited
vulnerability lists in recent years," Tenable said.

Fortinet vulnerabilities have also featured in warnings from the US
Cybersecurity and Infrastructure Security Agency (CISA), the National Security
Agency (NSA), and others about flaws that nation-state backed threat actors
have frequently exploited in their campaigns. The most recent of these warnings
pertained to efforts by Volt Typhoon and other China-backed threat groups to
break into and maintain persistent access on US critical infrastructure
networks.


TWO UNPATCHED FORTINET BUGS

Meanwhile, in a separate development, researchers at Horizon3.ai this week
publicly disclosed more details on 16 flaws they reported to Fortinet in 2023 —
all but two of which the company has already patched. The flaws — some of which
Horizon described as critical — affect Fortinet's Wireless LAN Manager (WLM) and
FortiSIEM technologies. The vulnerabilities include SQL injection issues,
command injection flaws, and those that enable arbitrary file reads.

Among the vulnerabilities that Horizon3.ai highlighted in its blog this week are
CVE-2023-34993; CVE-2023-34991; CVE-2023-42783; and CVE-2023-48782.



According to Horizon3.ai, CVE-2023-34993 allows an unauthenticated attacker to
execute arbitrary code on affected endpoints using specially crafted requests.
CVE-2023-34991 is an unauthenticated SQL injection vulnerability that gives
attackers a way to access and abuse a built-in image listing function in
Fortinet WLM; CVE-2023-48782 is a command injection flaw; and CVE-2023-42783
enables an unauthenticated attacker to read arbitrary files on affected
systems.

Horizon3.ai identified the two vulnerabilities that remain unpatched as of March
13, 2024, as an unauthenticated limited log file read bug and a static session
ID vulnerability.




ABOUT THE AUTHOR(S)

Jai Vijayan, Contributing Writer



Jai Vijayan is a seasoned technology reporter with over 20 years of experience
in IT trade journalism. He was most recently a Senior Editor at Computerworld,
where he covered information security and data privacy issues for the
publication. Over the course of his 20-year career at Computerworld, Jai also
covered a variety of other technology topics, including big data, Hadoop,
Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai
covered technology issues for The Economic Times in Bangalore, India. Jai has a
Master's degree in Statistics and lives in Naperville, Ill.
