Main Vulnerability Database Vulnerabilities #VU111044

#VU111044 Improper Authentication in FortiClientEMS - CVE-2024-32119

Published: June 11, 2025

Vulnerability identifier: #VU111044

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-32119

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiClientEMS

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

The vulnerability exists due to improper authentication. An unauthenticated attacker with the knowledge of the targeted user's fctuid and vdom can perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-23-375

#VU111044 Improper Authentication in FortiClientEMS - CVE-2024-32119

Description

Remediation

External links

Please verify you're human