Fortinet patches critical zero-day vulnerability under active attack

April 10, 20262 min read1 sources
Share:
Fortinet patches critical zero-day vulnerability under active attack

Fortinet has released an emergency security update to address a critical vulnerability in its FortiClient Enterprise Management Server (EMS) that is being actively exploited in the wild. The flaw, identified as CVE-2023-35616, is an authentication bypass that allows an unauthenticated attacker to achieve remote code execution on vulnerable servers.

The vulnerability carries a CVSS score of 9.8 out of 10, reflecting its maximum severity. According to Fortinet's advisory, the flaw exists in a specific API endpoint, enabling an attacker to bypass authentication and execute arbitrary code with high privileges. The attack can be launched remotely over a network and requires no user interaction. Affected versions include FortiClient EMS 7.2.0 through 7.2.2 and 7.0.1 through 7.0.7.

The impact of a successful exploit is severe. FortiClient EMS is a centralized management platform used to deploy and control endpoint security software across an organization’s entire network. By compromising the EMS server, an attacker could gain a powerful foothold to deploy ransomware, exfiltrate sensitive data, or pivot to other critical systems. Organizations with publicly exposed EMS instances face the most immediate risk of attack.

This incident is the latest in a series of high-severity vulnerabilities discovered in Fortinet products that have been quickly weaponized by threat actors. The company strongly urges all customers using affected versions to update immediately to the patched releases, which are FortiClient EMS 7.2.3 and 7.0.8 or later. Due to the confirmed in-the-wild exploitation, administrators should prioritize applying the patch and are advised to review server logs for any signs of compromise or unusual API requests.

Share:

// SOURCES

// RELATED

Meta settles bellwether lawsuit alleging addictive design harmed student mental health

Meta's confidential settlement with a Washington school district marks a pivotal moment in the massive litigation against social media's psychological

6 min readMay 24

Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network

A sophisticated zero-day attack on Huawei routers allegedly caused Luxembourg's 2023 national telecom outage, raising severe global security concerns.

6 min readMay 23

MiniPlasma Windows 0-day enables SYSTEM privilege escalation on fully patched systems

A newly disclosed 0-day flaw, MiniPlasma, allows attackers to gain full SYSTEM control on patched Windows systems, with a public PoC accelerating risk

6 min readMay 18

The ransomware dilemma: why more than half of security chiefs would pay the price

A new survey reveals 56% of CISOs would consider paying a ransom, highlighting the intense pressure to restore operations despite official guidance.

6 min readMay 16