CVE-2024-32119 — Weak Authentication in Fortinet Forticlientems

CWE-1390 — Weak Authentication4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 88.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlientems

Timeline

PublishedJun 10

Description

An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.2 | Impact: 2.5

Affected Packages2 packages

▶NVDfortinet/forticlientems7.2.0 — 7.2.5+4

▶CVEListV5fortinet/forticlientems7.2.0 — 7.2.4+6

🔴Vulnerability Details

CVEList

CVE-2024-32119: An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7↗2025-06-10

▶

GHSA

GHSA-hcp3-9rg5-2f9p: An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7↗2025-06-10

▶

📋Vendor Advisories

Fortinet

An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an u...↗2025-06-10

▶