Our friends at Fortinet, https://www.fortinet.com has patched a critical Remote Code Execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) for managing endpoint devices. The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage component of the server. It gives unauthenticated attackers a way to execute arbitrary code and commands with system admin privileges on affected systems, using specially crafted requests.[1]
For
