1 min Security

Fortinet warns vulnerability in FortiClientEMS is exploited in the wild

Fortinet warns vulnerability in FortiClientEMS is exploited in the wild

Fortinet is warning users of the Fortinet FortiClient Enterprise Management Server (EMS) about the active misuse of a critical vulnerability in the product. The vulnerability allows hackers to run code through the system without having physical access to the device.

The vulnerability was reported on Feb. 22, according to Fortinet. Affected users were also given immediate access to an update that would close the vulnerability.

Proof-of-concept shows how simple exploitation is

Companies that have not yet installed the security updates are currently at risk. Fortinet is warning of active exploitation of the SQL Injection vulnerability. This means that hackers force commands or code through the systems. This is possible without authentication and without physical access to the systems. So, the exploitation is quite easy.

Horizon3.ai published a proof-of-concept yesterday that demonstrates how exploitation is possible. Fortinet then reportedly added to the security vulnerability notification that the vulnerability is actively exploited.

FortiClientEMS

The vulnerability affects FortiClient EMS versions 7.2.0 to 7.2.2 and versions 7.0.1 to 7.0.10. The solution is deployed by companies to allow remote management of FortiClient software. It provides a central location for managing all connected endpoints.

Also read: Fortinet wants users of several SSL VPNs to update