This alert has been written for the IT teams of organisations and government. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.
Background / What has happened?
ASD’s ACSC is aware of a vulnerability in Fortinet’s FortiClientEMS. The following versions are affected:
- FortiClientEMS 7.2 to 7.2.2
- FortiClientEMS 7.0 to 7.0.10
CVE-2023-48788 can allow an unauthenticated threat actor to remotely execute unauthorised code or commands via a specifically crafted request.
Fortinet reports active exploitation of the vulnerability.
Patches are available for affected versions.
Mitigation / How do I stay secure?
Australian organisations should review their networks for vulnerable instances of FortiClientEMS and apply the patches available from Fortinet. See PSIRT | FortiGuard (fortinet.com) for further information and mitigation advice.
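One way to triage an asset inventory against the affected ranges listed above. This is an added example, not code from ASD's ACSC or Fortinet. It assumes a hypothetical CSV export with `host` and `version` columns, and that "7.2" and "7.0" in the alert mean 7.2.0 and 7.0.0.

```python
import csv
import io
import re

# Affected ranges exactly as listed in this alert (inclusive bounds).
# Assumption: "7.2" and "7.0" mean 7.2.0 and 7.0.0.
AFFECTED_RANGES = [((7, 2, 0), (7, 2, 2)), ((7, 0, 0), (7, 0, 10))]

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a version."""
    # Trailing numeric components (e.g. a build number) are accepted and ignored.
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*$", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def classify(version_text):
    """Classify one reported version against the ranges in the alert."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"      # unparseable: check the host by hand
    for low, high in AFFECTED_RANGES:
        if low <= v <= high:
            return "affected"
    return "not-listed"       # outside the ranges this alert names

def triage(inventory_csv):
    """Map each host in a 'host,version' CSV to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"] or "") for row in reader}

# Constructed sample inventory; hostnames and the build suffix are made up.
SAMPLE = """host,version
ems-01,7.2.2
ems-02,7.0.10.0123
ems-03,7.2.3
ems-04,7.0
ems-05,n/a
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked manually rather than assumed safe, and "not-listed" only means the version falls outside the ranges named in this alert.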
Assistance / Where can I go for help?
ASD's ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).