CVE-2024-32119
MEDIUMDescription
An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortinet | forticlientems |
| fortinet | forticlientems |
| fortinet | forticlientems |
| fortinet | forticlientems |
| fortinet | forticlientems |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-32119? +
How severe is CVE-2024-32119? +
What products are affected by CVE-2024-32119? +
How do I check if I'm vulnerable to CVE-2024-32119? +
Related Vulnerabilities
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated …
A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token …
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker …
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote …
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.
Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system …