SQL Injection Vulnerabilities in FortiClient EMS and FortiDDoS-F

Severity: Medium (Score: 51.9)

Sources: www.fortiguard.com

Summary

Two SQL injection vulnerabilities have been identified in Fortinet products: FortiClient EMS and FortiDDoS-F. The vulnerability in FortiClient EMS allows authenticated attackers to execute arbitrary SQL queries on the database via crafted requests. Fortinet has remediated this issue in FortiClient Cloud and FortiSASE, requiring no action from customers. Similarly, the vulnerability in FortiDDoS-F also permits authenticated attackers to run arbitrary SQL queries through crafted HTTP requests. The affected versions of FortiDDoS-F are 7.2.1 and 7.2.2. Customers using these versions should be aware of the potential risks. No specific CVEs were mentioned for these vulnerabilities in the articles. The current status indicates that remediation has been implemented for FortiClient EMS, while FortiDDoS-F remains vulnerable without a patch mentioned.

Key Points

  • SQL injection vulnerabilities found in FortiClient EMS and FortiDDoS-F.
  • Fortinet has patched the FortiClient EMS vulnerability; no action needed from users.
  • FortiDDoS-F versions 7.2.1 and 7.2.2 remain vulnerable to SQL injection attacks.

Key Entities

  • SQL Injection (attack_type)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • FortiClient Cloud (platform)
  • FortiClient EMS (platform)
  • FortiDDoS-F (platform)
  • FortiSASE (platform)