CVE-2024-32119
Last modified
CVE-2024-32119 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Forticlientems | >= 6.2.0, <= 6.2.9 |
| Fortinet | Forticlientems | >= 6.4.0, <= 6.4.9 |
| Fortinet | Forticlientems | >= 7.0.0, <= 7.0.13 |
| Fortinet | Forticlientems | >= 7.2.0, < 7.2.5 |
| Fortinet | Forticlientems | 7.4.0 |
References
- https://fortiguard.fortinet.com/psirt/FG-IR-23-375Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-32119?
How severe is CVE-2024-32119?
How do I fix CVE-2024-32119?
Are you affected by CVE-2024-32119?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST