Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server EMS deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer. "The campaign abused trusted endpoint management infrastructure to deliver malware...

FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiNet FortiClient Endpoint Management Server FCTID SQLi to RCE', 'Description' = %q An SQLi injection vulnerability exists in FortiNet...

CVE-2023-48788

A improper neutralization of special elements used in an sql command ‘sql injection’ in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets. Recent assessments: jheysel-r7 a...

Certificate chain no longer works correctly on Endpoint Management Server, devices fail to connect

You may notice that a certificate is soon to expire on Endpoint Management Server. After obtaining a new certificate, devices no longer connect. Inspecting the logs on the client show that there is now a certificate trust error, even though the new certificate is valid...