FortiClient Enterprise Management Server Vulnerability Audit – CVE-2023-48788

Discover FortiClient Installations Vulnerable to CVE-2023-48788 in Your IT Estate

Fortinet has released updates for several versions of FortiClient Enterprise Management Server (FortiClientEMS) in response to a critical SQL injection vulnerability. The vulnerability may allow an unauthenticated attacker to execute unauthorized code or commands via specially crafted requests.

There is no mention that the vulnerability has been exploited yet. You can read more about the vulnerability in the FortiClient CVE-2023-48788 vulnerability blog post.

FortiClient EMS CVE-2023-48788 Vulnerability Lansweeper On-Prem Query

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  Software.softwareName As Software,
  Software.softwareVersion As Version,
  Software.SoftwarePublisher As Publisher,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  Coalesce(tsysOS.OSname, tblSccmAsset.OsCaption,
    tblSccmAsset.OperatingSystemNameandVersion) As OS,
  tblAssets.Version As OSVersion,
  Case
    When tblErrors.ErrorText Is Not Null Or
      tblErrors.ErrorText != '' Then
      'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen As [Last successful scan],
  tblAssets.Lasttried As [Last scan attempt]
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Left Join (Select tblsoftware.assetid,
      tblSoftwareUni.softwareName,
      tblsoftware.softwareVersion,
      Case
        When
          ((Cast(ParseName(tblsoftware.softwareVersion, 4) As int) = 7 And
          Cast(ParseName(tblsoftware.softwareVersion, 3) As int) = 2 And
          Cast(ParseName(tblsoftware.softwareVersion, 2) As int) Between 0 And 2)
          Or
          (Cast(ParseName(tblsoftware.softwareVersion, 4) As int) = 7 And
          Cast(ParseName(tblsoftware.softwareVersion, 3) As int) = 0 And
          Cast(ParseName(tblsoftware.softwareVersion, 2) As int) Between 1 And 10)) Then 1
        Else 0
      End As [out of date],
      tblSoftwareUni.SoftwarePublisher
    From tblsoftware
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblsoftware.softID
    Where tblSoftwareUni.softwareName Like '%Endpoint Management Server%' And
      tblSoftwareUni.SoftwarePublisher Like '%Fortinet%') As Software On
    Software.AssetID = tblAssets.AssetID
  Left Outer Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Outer Join tblSccmAsset On tblAssets.AssetID = tblSccmAsset.AssetId
  Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
    ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
    tblErrors.ErrorType
Where Software.softwareName Like '%Endpoint Management Server%' And
  Software.SoftwarePublisher Like '%Fortinet%' And tblState.Statename = 'Active'
  And Software.[out of date] = 1 And tblAssets.Assettype = -1
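
The version test from the query above, as an added Python example (not Lansweeper's own code) for checking a software list exported to CSV. It assumes the export uses the query's column aliases (AssetName, Software, Version, Publisher); the sample rows are constructed. It goes slightly beyond the query by also accepting three-part version strings such as 7.0.10, for which SQL Server's ParseName(..., 4) returns NULL, and by listing rows whose version cannot be parsed so they can be checked by hand.

```python
import csv
import io
import re

# Affected ranges, taken from the version test in the query above:
# 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10.
AFFECTED = {(7, 2): range(0, 3), (7, 0): range(1, 11)}


def parse_version(version):
    """Return (major, minor, patch) as ints, or None if the string is not numeric."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", version or "")
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """True/False for a parseable version, None when it cannot be classified."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch = parsed
    return patch in AFFECTED.get((major, minor), ())


def audit(csv_text):
    """Return (affected, unparsed): affected is [(asset, version)], unparsed is [asset]."""
    affected, unparsed = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Same product filter as the query's Like '%...%' conditions.
        if ("Endpoint Management Server" not in row.get("Software", "")
                or "Fortinet" not in row.get("Publisher", "")):
            continue
        verdict = is_affected(row.get("Version", ""))
        if verdict is None:
            unparsed.append(row["AssetName"])   # needs a manual check
        elif verdict:
            affected.append((row["AssetName"], row["Version"]))
    return affected, unparsed


# Constructed sample export; asset names and build numbers are made up.
SAMPLE = """AssetName,Software,Version,Publisher
SRV-EMS-01,FortiClient Endpoint Management Server,7.2.2.0879,Fortinet Technologies Inc
SRV-EMS-02,FortiClient Endpoint Management Server,7.2.3.0929,Fortinet Technologies Inc
SRV-EMS-03,FortiClient Endpoint Management Server,7.0.10,Fortinet Technologies Inc
SRV-EMS-04,FortiClient Endpoint Management Server,7.0.0.0100,Fortinet Technologies Inc
SRV-EMS-05,FortiClient Endpoint Management Server,,Fortinet Technologies Inc
WS-100,FortiClient VPN,7.2.1.0779,Fortinet Technologies Inc
"""
```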
