First published: Tue Mar 12 2024(Updated: )
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiClient Enterprise Management Server | >=7.0.1<=7.0.10 | |
Fortinet FortiClient Enterprise Management Server | >=7.2.0<=7.2.2 | |
Fortinet FortiClient EMS | ||
Fortinet FortiClientEMS | >=7.2.0<=7.2.2 | |
Fortinet FortiClientEMS | >=7.0.1<=7.0.10 |
Please upgrade to FortiClientEMS version 7.2.3 or above Please upgrade to FortiClientEMS version 7.0.11 or above
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)