{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-48788","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-11-19T19:58:38.554Z","datePublished":"2024-03-12T15:09:18.527Z","dateUpdated":"2025-10-21T23:05:23.092Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiClientEMS","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.2","status":"affected"},{"versionType":"semver","version":"7.0.1","lessThanOrEqual":"7.0.10","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2024-03-19T08:04:03.038Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-89","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.3,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiClientEMS version 7.2.3 or above \nPlease upgrade to FortiClientEMS version 7.0.11 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-24-007","url":"https://fortiguard.com/psirt/FG-IR-24-007"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-48788","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-08-16T04:01:14.476146Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2024-03-25","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788"}}}],"affected":[{"cpes":["cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"forticlient_enterprise_management_server","versions":[{"status":"affected","version":"7.2.0","versionType":"semver","lessThanOrEqual":"7.2.2"},{"status":"affected","version":"7.0.1","versionType":"semver","lessThanOrEqual":"7.0.10"}],"defaultStatus":"unaffected"},{"cpes":["cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"forticlient_enterprise_management_server","versions":[{"status":"affected","version":"7.2.0","versionType":"semver","lessThanOrEqual":"7.2.2"},{"status":"affected","version":"7.0.1","versionType":"semver","lessThanOrEqual":"7.0.10"}],"defaultStatus":"unaffected"}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788","tags":["government-resource"]}],"timeline":[{"time":"2024-03-25T00:00:00.000Z","lang":"en","value":"CVE-2023-48788 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:05:23.092Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T21:37:55.011Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-24-007","url":"https://fortiguard.com/psirt/FG-IR-24-007","tags":["x_transferred"]}]}]}}