Fortinet FortiClientEMS: Improper verification of source of a communication channel in administrative interface (CVE-2024-36506)

Fortinet FortiClientEMS: Improper verification of source of a communication channel in administrative interface (CVE-2024-36506)

Severity

3

CVSS

(AV:N/AC:H/Au:N/C:N/I:P/A:N)

Published

01/14/2025

Created

01/16/2025

Added

01/15/2025

Modified

01/15/2025

Description

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS may allow a remote attacker to bypass the trusted host feature via session connection.

Solution(s)

• fortinet-forticlientems-upgrade-latest

References

• https://attackerkb.com/topics/cve-2024-36506
• CVE - 2024-36506
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36506
• https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-36506
• https://www.fortiguard.com/psirt/FG-IR-24-078