CVE-2023-48786

Summary

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientEMS7.2.0 <= 7.2.2affected
FortinetFortiClientEMS7.0.0 <= 7.0.13affected
FortinetFortiClientEMS6.4.7 <= 6.4.9affected
FortinetFortiClientEMS6.4.0 <= 6.4.4affected

Weaknesses

  • CWE-918: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References