CVE-2024-36506

CWE-9404 documents4 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 47.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientemsFortinet Forticlientems Cloud
Timeline
PublishedJan 14

Description

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

NVDfortinet/forticlientems6.4.07.2.5+1
NVDfortinet/forticlientems_cloud6.4.07.2.5+1
CVEListV5fortinet/forticlientems7.2.07.2.4+4

🔴Vulnerability Details

2
GHSA
GHSA-q6h8-qgxm-m9pc: An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 72025-01-14
CVEList
CVE-2024-36506: An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 72025-01-14

📋Vendor Advisories

1
Fortinet
An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 thr...2025-01-14
CVE-2024-36506 (MEDIUM CVSS 5.3) | An improper verification of source | cvebase.io