FortiClient Enterprise Management Server Vulnerability Audit – CVE-2023-48788
Discover FortiClient Installations Vulnerable to CVE-2023-48788 in Your IT Estate
Fortinet has released updates for several versions of FortiClient Enterprise Management Server (FortiClientEMS) in response to a critical SQL injection vulnerability. The vulnerability may allow an unauthenticated attacker to execute unauthorized code or commands via specially crafted requests.
At the time of writing there is no mention of the vulnerability having been exploited. You can read more about the vulnerability in the FortiClient CVE-2023-48788 vulnerability blog post.
FortiClient EMS CVE-2023-48788 Vulnerability Lansweeper On-Prem Query
-- Lists active Windows assets whose inventoried FortiClient Endpoint Management
-- Server version falls in an affected range (7.2.0 to 7.2.2 or 7.0.1 to 7.0.10).
Select Top 1000000
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  Software.softwareName As Software,
  Software.softwareVersion As Version,
  Software.SoftwarePublisher As Publisher,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  Coalesce(tsysOS.OSname, tblSccmAsset.OsCaption, tblSccmAsset.OperatingSystemNameandVersion) As OS,
  tblAssets.Version As OSVersion,
  Case
    When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != ''
    Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen As [Last successful scan],
  tblAssets.Lasttried As [Last scan attempt]
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Left Join (
    Select
      tblsoftware.assetid,
      tblSoftwareUni.softwareName,
      tblsoftware.softwareVersion,
      -- ParseName reads dot-separated parts from the right, so positions 4, 3
      -- and 2 of a four-part version string are major, minor and patch.
      Case
        When (
          (Cast(ParseName(tblsoftware.softwareVersion, 4) As int) = 7
            And Cast(ParseName(tblsoftware.softwareVersion, 3) As int) = 2
            And Cast(ParseName(tblsoftware.softwareVersion, 2) As int) Between 0 And 2)
          Or
          (Cast(ParseName(tblsoftware.softwareVersion, 4) As int) = 7
            And Cast(ParseName(tblsoftware.softwareVersion, 3) As int) = 0
            And Cast(ParseName(tblsoftware.softwareVersion, 2) As int) Between 1 And 10)
        )
        Then 1
        Else 0
      End As [out of date],
      tblSoftwareUni.SoftwarePublisher
    From tblsoftware
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblsoftware.softID
    Where tblSoftwareUni.softwareName Like '%Endpoint Management Server%'
      And tblSoftwareUni.SoftwarePublisher Like '%Fortinet%'
  ) As Software On Software.AssetID = tblAssets.AssetID
  Left Outer Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Outer Join tblSccmAsset On tblAssets.AssetID = tblSccmAsset.AssetId
  Left Join (
    Select Distinct Top 1000000
      tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID
  ) As ScanningError On tblAssets.AssetID = ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType
Where Software.softwareName Like '%Endpoint Management Server%'
  And Software.SoftwarePublisher Like '%Fortinet%'
  And tblState.Statename = 'Active'
  And Software.[out of date] = 1
  And tblassets.Assettype = -1
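The version test inside the query is the part most worth validating before trusting its results. The following Python script is an added example, not Lansweeper's or Fortinet's code: it re-implements the query's CASE expression, including an emulation of SQL Server's PARSENAME so the same positional logic applies, and runs it over constructed version strings (the build numbers are made up). The affected ranges in VULNERABLE_RANGES are taken from the query; the function names and the generalised three-part check are this example's own additions.

```python
"""Added example: mirror the CVE-2023-48788 version test from the Lansweeper
query so its range logic can be checked offline against sample strings."""

from typing import Optional

# Ranges the query flags as vulnerable, keyed by (major, minor) with an
# inclusive (lowest patch, highest patch) pair: 7.2.0-7.2.2 and 7.0.1-7.0.10.
VULNERABLE_RANGES = {
    (7, 2): (0, 2),
    (7, 0): (1, 10),
}


def parsename(value: str, part: int) -> Optional[str]:
    """Emulate SQL Server PARSENAME: parts are numbered from the right, 1 being
    the last dot-separated piece; a missing part (or more than four parts)
    yields None, just as PARSENAME yields NULL."""
    pieces = value.split(".")
    if len(pieces) > 4 or part < 1 or part > 4:
        return None
    index = len(pieces) - part
    return pieces[index] if index >= 0 else None


def is_vulnerable_as_queried(version: str) -> bool:
    """Exactly what the query's CASE expression does: major, minor and patch are
    read from PARSENAME positions 4, 3 and 2, so only four-part version strings
    (e.g. 7.2.2.0864, constructed here) can ever match; anything shorter gives
    NULL and lands in the ELSE 0 branch."""
    try:
        major = int(parsename(version, 4))
        minor = int(parsename(version, 3))
        patch = int(parsename(version, 2))
    except (TypeError, ValueError):
        return False
    low_high = VULNERABLE_RANGES.get((major, minor))
    return low_high is not None and low_high[0] <= patch <= low_high[1]


def is_vulnerable(version: str) -> bool:
    """Generalised check (this example's addition): read major.minor.patch from
    the left so three-part strings are classified too, then apply the same
    ranges as the query."""
    pieces = version.split(".")
    if len(pieces) < 3:
        return False
    try:
        major, minor, patch = (int(p) for p in pieces[:3])
    except ValueError:
        return False
    low_high = VULNERABLE_RANGES.get((major, minor))
    return low_high is not None and low_high[0] <= patch <= low_high[1]


def classify(versions):
    """Return {version: (query result, generalised result)} for a batch."""
    return {v: (is_vulnerable_as_queried(v), is_vulnerable(v)) for v in versions}


if __name__ == "__main__":
    # Constructed sample versions, not inventory data.
    SAMPLE = [
        "7.2.2.0864",   # last affected 7.2.x build: flagged
        "7.2.3.0893",   # first fixed 7.2.x build: not flagged
        "7.0.10.0001",  # upper bound of the 7.0.x range: flagged
        "7.0.11.0002",  # fixed: not flagged
        "7.0.0.0001",   # below the 7.0.x range: not flagged
        "7.2.2",        # three-part string: the query misses it
        "6.4.9.0123",   # unrelated branch: not flagged
    ]
    for v, (q, g) in classify(SAMPLE).items():
        print(f"{v:12} query={q!s:5} generalised={g}")
```

The two functions disagree only on "7.2.2": PARSENAME numbers parts from the right, so a three-part version has no part 4 and the query's CASE never returns 1 for it. If an inventory source records FortiClientEMS with a three-part version, the query will not report that asset; comparing the two columns of output is a quick way to see whether that matters for your data.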