Main Vulnerability Database Vulnerabilities #VU111044

Improper Authentication in FortiClientEMS - CVE-2024-32119

Published: June 11, 2025

Vulnerability identifier: #VU111044

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-32119

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiClientEMS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

The vulnerability exists due to improper authentication. An unauthenticated attacker with the knowledge of the targeted user's fctuid and vdom can perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.

How to mitigate CVE-2024-32119

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-23-375

Improper Authentication in FortiClientEMS - CVE-2024-32119

Detailed vulnerability description

How to mitigate CVE-2024-32119

Sources

Please verify you're human