CVE-2024-32119

Medium

An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated…

fortinet·CWE-1390·Published 2025-06-10

CVSS

4.6

EPSS

0.00

KEV

Exploits

cve.orgen

319 chars

An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.

NVDen

319 chars

NVDes

343 chars

Una vulnerabilidad de autenticación incorrecta [CWE-287] en Fortinet FortiClientEMS versión 7.4.0 y anteriores a 7.2.4 permite que un atacante no autenticado con conocimiento del FCTUID y VDOM del usuario objetivo realice operaciones como cargar o etiquetar en nombre del usuario objetivo a través de solicitudes TCP especialmente manipuladas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	4.6	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:U/RC:C
3.1	Primary	cve.org	4.6	—	—