CVE-2024-32119

EUVD-2024-29940
An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.8 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L |
| fortinet | CNA | 4.6 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:U/RC:C |
EPSS Score Percentile: 3%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| fortinet | forticlientems | 6.2.0 ≤ 𝑥 ≤ 6.2.9 |
| fortinet | forticlientems | 6.4.0 ≤ 𝑥 ≤ 6.4.9 |
| fortinet | forticlientems | 7.0.0 ≤ 𝑥 ≤ 7.0.13 |
| fortinet | forticlientems | 7.2.0 ≤ 𝑥 < 7.2.5 |
| fortinet | forticlientems | 7.4.0 |

𝑥 = Vulnerable software versions