<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1476681674;
mso-list-template-ids:654202416;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1478107266;
mso-list-template-ids:-1425874406;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1580210382;
mso-list-type:hybrid;
mso-list-template-ids:487911842 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3
{mso-list-id:1595164082;
mso-list-type:hybrid;
mso-list-template-ids:657128946 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif;color:red">NOTE: **Updates will be italicized and red**<o:p></o:p></span></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Good afternoon,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">The SOC Services team is reporting on the vulnerability:
<b>CVE-2026-21643: Fortinet FortiClient EMS Vulnerability</b>. </span><span style="font-family:"Calibri",sans-serif;mso-ligatures:none">Because this flaw has been confirmed to be exploited in the wild and was added to the CISA KEV catalog on April 13, 2026,
we are providing this in-depth information..<b><span style="background:yellow;mso-highlight:yellow"><o:p></o:p></span></b></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-family:"Calibri",sans-serif">History:</span></u></b><span style="font-family:"Calibri",sans-serif"> Disclosed by Fortinet PSIRT on February 6, 2026, this vulnerability has been assigned a CVSS 3.X base score of 9.8
by Fortinet, Inc.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">Affected Versions<o:p></o:p></span></b></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo1"><span style="font-family:"Calibri",sans-serif">FortiClientEMS 7.4.4 in multitenant mode<o:p></o:p></span></li></ul>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">Fixed Versions<o:p></o:p></span></b></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo2"><span style="font-family:"Calibri",sans-serif">FortiClientEMS Upgrade to 7.4.5 or above
<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">*FortiClientEMS 7.2 and 8.0 are not affected by this vulnerability.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">An improper neutralization of special elements in SQL commands (CWE-89) allows an unauthenticated remote attacker to execute unauthorized code or commands via specifically crafted HTTP requests
to the administrative interface<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Vendor Advisory:
</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://fortiguard.fortinet.com/psirt/FG-IR-25-1142"><span style="color:blue;background:white">FG-IR-25-1142: FortiClientEMS - SQL injection in Site-related HTTP requests</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-family:"Calibri",sans-serif">Intelligence:</span></u></b><span style="font-family:"Calibri",sans-serif"> On March 30, 2026, the vulnerability was announced as being exploited by multiple news organizations.
<i><span style="color:red">On April 13, 2026, CISA confirmed the vulnerability in the Known Exploited Vulnerabilities Catalog</span></i>.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">Exploitability Level:</span></b><span style="font-family:"Calibri",sans-serif">
<i><span style="color:red">Network Exploitability</span></i><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">Complexity:</span></b><span style="font-family:"Calibri",sans-serif"> Low<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">User Interaction:</span></b><span style="font-family:"Calibri",sans-serif"> None<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">Remotely Exploitable:</span></b><span style="font-family:"Calibri",sans-serif"> Yes<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">Proof of Concept:</span></b><span style="font-family:"Calibri",sans-serif"> Yes<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif">Zero Day:</span></b><span style="font-family:"Calibri",sans-serif"> No<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-family:"Calibri",sans-serif">Workarounds:</span></u></b><span style="font-family:"Calibri",sans-serif">
<i><span style="color:red">Restrict network access to the FortiClientEMS management interface to trusted administrative IP addresses only; Place the management server behind a Web Application Firewall (WAF) with SQL injection filtering enabled.<span style="background:yellow;mso-highlight:yellow"><o:p></o:p></span></span></i></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-family:"Calibri",sans-serif">How it Works:</span></u></b><span style="font-family:"Calibri",sans-serif">
<i><span style="color:red">The vulnerability exists in pre-authentication endpoints such as /api/v1/init_consts</span></i>. When the EMS web interface processes an HTTP request, it uses a specific header (often the "Site" header in multi-tenant mode) to determine
the database schema. An attacker can break out of the single quotes in this header to inject arbitrary SQL commands.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-family:"Calibri",sans-serif">Post-Exploit Impact:</span></u></b><span style="font-family:"Calibri",sans-serif">
<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo3;background:white">
<span style="font-family:"Calibri",sans-serif;mso-ligatures:none">Remote Code Execution (CWE:89)<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo3;background:white">
<span style="font-family:"Calibri",sans-serif;mso-ligatures:none">Complete System Compromise and Data Exfiltration (CWE:89)<o:p></o:p></span></li></ul>
<p class="MsoNormal" style="background:white"><b><u><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none">Indicators of Compromise (IoCs):</span></u></b><b><u><span style="font-family:"Calibri",sans-serif;mso-ligatures:none"><o:p></o:p></span></u></b></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="1086" style="width:814.2pt;background:white;border-collapse:collapse">
<tbody>
<tr>
<td style="border:solid windowtext 1.0pt;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none">Type<o:p></o:p></span></b></p>
</td>
<td style="border:solid windowtext 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none">Value<o:p></o:p></span></b></p>
</td>
<td width="608" style="width:456.05pt;border:solid windowtext 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none">Description / Notes<o:p></o:p></span></b></p>
</td>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><i><span style="font-family:"Calibri",sans-serif;color:red;mso-ligatures:none">Network Traffic<o:p></o:p></span></i></b></p>
</td>
<td style="border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><i><span style="font-family:"Calibri",sans-serif;color:red;mso-ligatures:none">/api/v1/init_consts<o:p></o:p></span></i></p>
</td>
<td width="608" style="width:456.05pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><i><span style="font-family:"Calibri",sans-serif;color:red;mso-ligatures:none">Unusual HTTP 500 errors or repeated rapid requests to this pre-auth endpoint<o:p></o:p></span></i></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><b><u><span style="font-family:"Calibri",sans-serif"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span style="font-family:"Calibri",sans-serif">Tenable Plugins:</span></u></b><b><span style="font-family:"Calibri",sans-serif">
</span></b><span style="font-family:"Calibri",sans-serif">As of April 13, 2026, Tenable has released the following plugins for this vulnerability.<o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="1085" style="width:814.1pt;background:white;border-collapse:collapse">
<tbody>
<tr>
<td style="border:solid windowtext 1.0pt;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none">Plugin ID<o:p></o:p></span></b></p>
</td>
<td style="border:solid windowtext 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none">Plugin Name<o:p></o:p></span></b></p>
</td>
<td width="290" style="width:217.6pt;border:solid windowtext 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none">Severity<o:p></o:p></span></b></p>
</td>
<td width="318" valign="top" style="width:238.5pt;border:solid windowtext 1.0pt;border-left:none;background:#F2F2F2;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none">Platform<o:p></o:p></span></b></p>
</td>
</tr>
<tr>
<td style="border:solid windowtext 1.0pt;border-top:none;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><i><span style="font-family:"Calibri",sans-serif;color:red;mso-ligatures:none"><a href="https://www.tenable.com/plugins/nessus/304507"><span style="color:red">304507</span></a><o:p></o:p></span></i></p>
</td>
<td style="border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><i><span style="font-family:"Calibri",sans-serif;color:red;mso-ligatures:none">Fortinet FortiClient EMS 7.4.4 SQLi (FG-IR-25-1142)<o:p></o:p></span></i></p>
</td>
<td width="290" style="width:217.6pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><i><span style="font-family:"Calibri",sans-serif;color:red;mso-ligatures:none">Critical<o:p></o:p></span></i></p>
</td>
<td width="318" valign="top" style="width:238.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;background:transparent;padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:red;mso-ligatures:none">Nessus<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-family:"Calibri",sans-serif">Recommended Actions:<o:p></o:p></span></u></b></p>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo4;background:white">
<span style="font-family:"Calibri",sans-serif;mso-ligatures:none">Upgrade to fixed versions immediately<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo4;background:white">
<span style="font-family:"Calibri",sans-serif;mso-ligatures:none">Verify host has not been compromised before applying patches.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo4;background:white">
<span style="font-family:"Calibri",sans-serif;mso-ligatures:none">Apply appropriate updates provided by the vendor to vulnerable systems after testing.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo4;background:white">
<span style="font-family:"Calibri",sans-serif;mso-ligatures:none">Run all software as a non-privileged user to reduce the impact of a successful attack.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo4;background:white">
<span style="font-family:"Calibri",sans-serif;mso-ligatures:none">Apply the Principle of Least Privilege to all systems and services.<o:p></o:p></span></li></ul>
<p class="MsoNormal"><b><span style="font-size:11.0pt">EIS Security Operations Center</span></b><span style="font-size:11.0pt"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Enterprise Information Services<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Cyber Security Services | CSS<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">SOC Hotline: (503) 378-5930<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="mailto:SOC@EIS.OREGON.GOV">SOC@EIS.OREGON.GOV</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-ligatures:none"><img border="0" width="54" height="54" style="width:.5625in;height:.5625in" id="Picture_x0020_2" src="cid:image007.png@01DCCB47.1253A360"></span><span style="font-size:11.0pt"> </span><span style="font-size:11.0pt;mso-ligatures:none"><img border="0" width="205" height="53" style="width:2.1354in;height:.552in" id="Picture_x0020_1" src="cid:image006.png@01DCCB47.1253A360"></span><span style="font-size:11.0pt"> <o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>