CVE-2024-36510

Published 14/01/2025 14:15 · Modified 31/01/2025 16:30

Labels: CVE-2024-36510, 2025-01-14, CWE-203, CWE-204, [email protected]

Essential information

Published: 14/01/2025 14:15
Modified: 31/01/2025 16:30
Author:
Creator:
CVSS: 5.3 MEDIUM (v3.1)
CISA KEV: No
CWE:
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.

NVD status

Status: Analyzed. CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
fortinet / forticlientems | cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*
fortinet / forticlientems | cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*
fortinet / fortisoar | cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
fortinet / fortisoar | cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
fortinet / fortisoar | cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*