
FortiClient EMS flaw actively exploited in the wild

An improper neutralization of special elements used in an SQL command (SQL injection) in Fortinet’s FortiClient EMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10 allows attackers to execute unauthorized code or commands via specially crafted packets. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all system and network administrators to review and implement the appropriate patches. The details of the updates can be found here.