CVE-2024-36506: An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all…

medium5.3CVSS 3.1

AVNACLPRNUINSUCNILAN

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.

Affected

10 ranges

Vendor	Product	Version range	Fixed in
fortinet	forticlientems	—	—
fortinet	forticlientems	—	—
fortinet	forticlientems	>= 6.4.0 < 7.2.5	7.2.5
fortinet	forticlientems	6.4.0 – 6.4.4	—
fortinet	forticlientems	6.4.7 – 6.4.9	—
fortinet	forticlientems	7.0.0 – 7.0.13	—
fortinet	forticlientems	7.2.0 – 7.2.4	—
fortinet	forticlientems_cloud	—	—
fortinet	forticlientems_cloud	>= 6.4.0 < 7.2.5	7.2.5
fortinet	forticlientemscloud	—	—