CISA Known Exploited Vulnerability (KEV)
Fortinet FortiClient EMS SQL Injection Vulnerability
March 25, 2024
April 15, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
An improper neutralization of special elements used in an SQL command (‘SQL injection’) in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
Weakness Enumeration
CWE-ID | CWE Name |
---|---|
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |