CVE-2024-36510

Summary

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientEMS7.2.0 <= 7.2.4affected
FortinetFortiClientEMS7.0.0 <= 7.0.13affected
FortinetFortiSOAR7.5.0affected
FortinetFortiSOAR7.4.0 <= 7.4.4affected
FortinetFortiSOAR7.3.0 <= 7.3.2affected
FortinetFortiSOAR7.2.0 <= 7.2.2affected
FortinetFortiSOAR7.0.0 <= 7.0.3affected
FortinetFortiSOAR6.4.3 <= 6.4.4affected
FortinetFortiSOAR6.4.0 <= 6.4.1affected

Weaknesses

  • CWE-204: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References