CVE-2024-23106
published 2025-01-14
critical 9.8 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlientems | — | — |
| fortinet | forticlientems | 6.2.0 – 6.2.9 | — |
| fortinet | forticlientems | 6.2.6 – 6.2.9 | — |
| fortinet | forticlientems | 6.4.0 – 6.4.9 | — |
| fortinet | forticlientems | 6.4.7 – 6.4.9 | — |
| fortinet | forticlientems | >= 7.0.0 < 7.0.11 | 7.0.11 |
| fortinet | forticlientems | 7.0.0 – 7.0.10 | — |
| fortinet | forticlientems | >= 7.2.0 < 7.2.5 | 7.2.5 |
| fortinet | forticlientems | 7.2.0 – 7.2.3 | — |