Main Vulnerability Database Vulnerabilities #VU107354

Observable Response Discrepancy in FortiClientEMS and FortiSOAR - CVE-2024-36510

Published: April 10, 2025 / Updated: May 20, 2025

Vulnerability identifier: #VU107354

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-36510

CWE-ID: CWE-204

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiClientEMS
FortiSOAR

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to observable response discrepancy in authentication component. An unauthenticated attacker can enumerate valid users via observing login request responses.

How to mitigate CVE-2024-36510

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-24-071

Observable Response Discrepancy in FortiClientEMS and FortiSOAR - CVE-2024-36510

Detailed vulnerability description

How to mitigate CVE-2024-36510

Sources

Please verify you're human