SB2025061109 - Improper Authentication in FortiClientEMS
Published: June 11, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Authentication (CVE-ID: CVE-2024-32119)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
The vulnerability exists due to improper authentication. An unauthenticated attacker with the knowledge of the targeted user's fctuid and vdom can perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.
Remediation
Install update from vendor's website.