#cve_2023_48788 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cve_2023_48788, aggregated by home.social.

  1. Red Canary reported that in late March 2024, threat actors exploited CVE-2023-48788 (9.8 critical, disclosed 12 March 2024 by Fortinet, Proof of Concept by Horizon3) in FortiClient enterprise management servers (FortiClient EMS) to install unauthorized remote management and monitoring (RMM) tools and PowerShell backdoors. While no IOCs are listed, they provide detection methods for post-exploitation activity. 🔗 redcanary.com/blog/cve-2023-48

    #threatintel #CVE_2023_48788 #Fortinet #CISA #KEV #eitw #activeexploitation #KnownExploitedVulnerabilitiesCatalog

  2. CISA adds 3 vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog: cisa.gov/news-events/alerts/20

    • CVE-2023-48788 (9.8 critical) Fortinet FortiClient EMS SQL Injection Vulnerability
    • CVE-2021-44529 (9.8 critical) Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
    • CVE-2019-7256 (10.0 critical) Nice Linear eMerge E3-Series OS Command Injection Vulnerability

    Notes:

    • Fortinet quietly updated their security advisory around 21 March 2024 stating that "This vulnerability is exploited in the wild". Horizon3 also released a Proof of Concept that day.
    • On 16 February 2024, @iagox86 of @greynoise provided a technical analysis of CVE-2021-44529, which suggested that it was an intentional backdoor in a dead project.
    • SonicWall previously reported the active exploitation of CVE-2019-7256 on 01 February 2020.

    #CISA #KnownExploitedVulnerabilitiesCatalog #KEV #eitw #activeexploitation #CVE_2023_48788 #CVE_2021_44529 #CVE_2019_7256

  3. Fortinet security advisory quietly updated to state that CVE-2023-48788 (9.8 critical, disclosed 12 March 2024 by Fortinet, Proof of Concept by Horizon3) is being exploited in the wild. 🔗 fortiguard.fortinet.com/psirt/

    cc: @todb

    #CVE_2023_48788 #FortiClientEMS #Fortinet #eitw #activeexploitation #vulnerability