CVE-2024-36506

Medium

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all…

fortinet·CWE-940·Published 2025-01-14

CVSS

5.3

EPSS

0.00

KEV

Exploits

cve.orgen

253 chars

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.

NVDen

253 chars

NVDes

296 chars

Una verificación incorrecta de la fuente de una vulnerabilidad del canal de comunicación [CWE-940] en FortiClientEMS 7.4.0, 7.2.0 a 7.2.4, 7.0 todas las versiones, 6.4 todas las versiones puede permitir que un atacante remoto omita la función de host confiable a través de una conexión de sesión.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.1	Primary	cve.org	3.5	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C