First published: 22 Mar 2024
Last updated: 22 Mar 2024

Content written for

Small & medium business
Large organisations & infrastructure
Government

This alert has been written for the IT teams of organisations and government. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.

Background  / What has happened?

ASD’s ACSC is aware of a vulnerability in Fortinet’s FortiClientEMS.

  • FortiClientEMS 7.2 to 7.2.2
  • FortiClientEMS 7.0 to 7.0.10

CVE-2023-48788 can result in remote code execution by an unauthenticated threat actor to execute unauthorised code or commands via specifically crafted request. 

Fortinet reports active exploitation of the vulnerability.

Patches are available for affected versions.

Mitigation / How do I stay secure?

Australian organisations should review their networks for use of vulnerable instances of the FortiClientEMS and apply patches available from Fortinet. See PSIRT | FortiGuard (fortinet.com) for further information and mitigation advice.

Assistance / Where can I go for help?

ASD's ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Was this helpful?
Yes this was helpful
No this was not helpful

Thanks for your feedback!

We welcome additional feedback below.

Was this information easy to understand?
Will you take action after reading this?
Did you find the information you were looking for?
Did the design and layout of this page meet your expectations?