Horizon3.ai Revisits Fortinet FortiClient EMS to Exploit 7.2.X (CVE-2023-48788)

The Horizon3.ai Attack Research team has just published “CVE-2023-48788: Revisiting Fortinet FortiClient EMS to Exploit 7.2.X”, which discusses the differences in exploitation between FortiClient EMS’s two mainline versions: 7.0.x and 7.2.x. Today’s post updates an SQL injection exploit analysis for Fortinet FortiClient EMS.

Horizon3.ai Senior N-Day Vulnerability Researcher Luke Harding details exploitation obstacles and payload crafting across the two mainline versions of the software. The post is an update to Horizon3.ai’s March 21, 2024 post “CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive” and its POC, which, as it turns out, only worked on 7.0.x versions.

Harding notes, “When writing exploits for different versions of vulnerable software, the differences in the exploit are usually small, such as different offsets, renamed parameters, or changed endpoints. Exploitation of the 7.2.x attack path for CVE-2023-48788 was an interesting challenge, because the core vulnerability and endpoint being attacked were the same, but the code path traversed was largely different.”

Harding walks through the updated exploit in the post, which is online now.
