CVE-2024-32119 MEDIUM

CVE-2024-32119

Vendor Fortinet
Product FortiClientEMS
Weakness CWE-1390
Published June 10, 2025
Last update June 10, 2025

CVSS base score

4.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:U/RC:C

What the vulnerability does

01Description

An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.

Key dates

02Disclosure timeline

June 10, 2025 CVE published
June 10, 2025 Record updated