{"id":86832,"date":"2024-04-11T10:28:56","date_gmt":"2024-04-11T17:28:56","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?post_type=resource&#038;p=86832"},"modified":"2024-04-11T11:50:11","modified_gmt":"2024-04-11T18:50:11","slug":"connectfun-threat-briefing","status":"publish","type":"resource","link":"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/","title":{"rendered":"Connect:fun  &#8211; Detailing an exploitation campaign targeting FortiClient EMS via CVE-2023-48788"},"content":{"rendered":"","protected":false},"excerpt":{"rendered":"<p>On March 12, 2024 Fortinet published an advisory about CVE-2023-48788, a SQL injection vulnerability in its<br \/>\nFortinet\u2019s FortiClient EMS security management solution. On March 21, researchers released a proof of concept<br \/>\n(PoC) exploit for the vulnerability, and since then, there have been reports of exploits in the wild leading CISA to<br \/>\nadd the CVE to its list of Known Exploited Vulnerabilities (KEV) on March 25.<\/p>\n","protected":false},"author":147,"featured_media":0,"template":"","format":"standard","meta":{"_acf_changed":false,"ep_exclude_from_search":false,"_links_to":"","_links_to_target":""},"region":[],"resource-type":[425],"resource-solution":[],"resource-industry":[],"resource-category":[],"resource-framework":[],"use-case":[],"language":[],"coauthors":[666],"class_list":["post-86832","resource","type-resource","status-publish","format-standard","hentry","resource-type-forescout-research"],"acf":{"secondary_featured_resource":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Connect:fun - Detailing an exploitation campaign targeting FortiClient EMS via CVE-2023-48788 - Forescout<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Connect:fun - Detailing an exploitation campaign targeting FortiClient EMS via CVE-2023-48788 - Forescout\" \/>\n<meta property=\"og:description\" content=\"On March 12, 2024 Fortinet published an advisory about CVE-2023-48788, a SQL injection vulnerability in its Fortinet\u2019s FortiClient EMS security management solution. On March 21, researchers released a proof of concept (PoC) exploit for the vulnerability, and since then, there have been reports of exploits in the wild leading CISA to add the CVE to its list of Known Exploited Vulnerabilities (KEV) on March 25.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/\" \/>\n<meta property=\"og:site_name\" content=\"Forescout\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForescoutTechnologies\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-11T18:50:11+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@Forescout\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/\",\"url\":\"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/\",\"name\":\"Connect:fun - Detailing an exploitation campaign targeting FortiClient EMS via CVE-2023-48788 - Forescout\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/#website\"},\"datePublished\":\"2024-04-11T17:28:56+00:00\",\"dateModified\":\"2024-04-11T18:50:11+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.forescout.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Connect:fun &#8211; Detailing an exploitation campaign targeting FortiClient EMS via CVE-2023-48788\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.forescout.com\/#website\",\"url\":\"https:\/\/www.forescout.com\/\",\"name\":\"Forescout\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.forescout.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.forescout.com\/#organization\",\"name\":\"Forescout Technologies, Inc.\",\"url\":\"https:\/\/www.forescout.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Forescout Technologies, Inc.\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ForescoutTechnologies\",\"https:\/\/x.com\/Forescout\",\"https:\/\/www.instagram.com\/forescouttechnologies\/\",\"https:\/\/www.linkedin.com\/company\/forescout-technologies\",\"https:\/\/www.youtube.com\/user\/forescout1\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Connect:fun - Detailing an exploitation campaign targeting FortiClient EMS via CVE-2023-48788 - Forescout","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/","og_locale":"en_US","og_type":"article","og_title":"Connect:fun - Detailing an exploitation campaign targeting FortiClient EMS via CVE-2023-48788 - Forescout","og_description":"On March 12, 2024 Fortinet published an advisory about CVE-2023-48788, a SQL injection vulnerability in its Fortinet\u2019s FortiClient EMS security management solution. On March 21, researchers released a proof of concept (PoC) exploit for the vulnerability, and since then, there have been reports of exploits in the wild leading CISA to add the CVE to its list of Known Exploited Vulnerabilities (KEV) on March 25.","og_url":"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/","og_site_name":"Forescout","article_publisher":"https:\/\/www.facebook.com\/ForescoutTechnologies","article_modified_time":"2024-04-11T18:50:11+00:00","twitter_card":"summary_large_image","twitter_site":"@Forescout","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/","url":"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/","name":"Connect:fun - Detailing an exploitation campaign targeting FortiClient EMS via CVE-2023-48788 - Forescout","isPartOf":{"@id":"https:\/\/www.forescout.com\/#website"},"datePublished":"2024-04-11T17:28:56+00:00","dateModified":"2024-04-11T18:50:11+00:00","breadcrumb":{"@id":"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.forescout.com\/resources\/connectfun-threat-briefing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.forescout.com\/"},{"@type":"ListItem","position":2,"name":"Connect:fun &#8211; Detailing an exploitation campaign targeting FortiClient EMS via CVE-2023-48788"}]},{"@type":"WebSite","@id":"https:\/\/www.forescout.com\/#website","url":"https:\/\/www.forescout.com\/","name":"Forescout","description":"","publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.forescout.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.forescout.com\/#organization","name":"Forescout Technologies, Inc.","url":"https:\/\/www.forescout.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","width":1,"height":1,"caption":"Forescout Technologies, Inc."},"image":{"@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForescoutTechnologies","https:\/\/x.com\/Forescout","https:\/\/www.instagram.com\/forescouttechnologies\/","https:\/\/www.linkedin.com\/company\/forescout-technologies","https:\/\/www.youtube.com\/user\/forescout1"]}]}},"featured_media_url":false,"is_file":"application\/pdf","excerpt_manually_set":true,"_links":{"self":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/resource\/86832","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/users\/147"}],"wp:attachment":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media?parent=86832"}],"wp:term":[{"taxonomy":"region","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/region?post=86832"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/resource-type?post=86832"},{"taxonomy":"resource-solution","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/resource-solution?post=86832"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/resource-industry?post=86832"},{"taxonomy":"resource-category","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/resource-category?post=86832"},{"taxonomy":"resource-framework","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/resource-framework?post=86832"},{"taxonomy":"use-case","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/use-case?post=86832"},{"taxonomy":"language","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/language?post=86832"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/coauthors?post=86832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}