Fortinet has patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) for managing endpoint devices.
The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage component of the server. It gives unauthenticated attackers a way to execute arbitrary code and commands with system admin privileges on affected systems, using specially crafted requests.…