CVE-2024-36510

CWE-204 CWE-2034 documents4 sources

Severity

5.3MEDIUM

EPSS

0.4%

top 40.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlientems Fortinet Fortisoar

Timeline

PublishedJan 14

Description

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDfortinet/fortisoar6.4.0 — 7.3.3+2

▶NVDfortinet/forticlientems7.0.0 — 7.2.5+1

▶CVEListV5fortinet/fortisoar7.4.0 — 7.4.4+6

▶CVEListV5fortinet/forticlientems7.2.0 — 7.2.4+1

🔴Vulnerability Details

GHSA

GHSA-g58r-fcx4-mv8r: An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7↗2025-01-14

▶

CVEList

CVE-2024-36510: An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7↗2025-01-14

▶

📋Vendor Advisories

Fortinet

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all version...↗2025-01-14

▶