PT-2024-10342 · Fortinet · Forticlientems

Published

2024-01-11

·

Updated

2025-07-16

·

CVE-2024-23106

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiClientEMS versions 7.2.0 through 7.2.4
FortiClientEMS versions prior to 7.0.10

Description

FortiClientEMS does not adequately restrict repeated failed authentication attempts against its administrative console (improper restriction of excessive authentication attempts). An unauthenticated remote attacker can therefore brute-force console credentials by sending crafted HTTP or HTTPS login requests; with no lockout or rate limit to stop the guessing, the effective barrier is only the strength of the console passwords.

Recommendations

FortiClientEMS versions 7.2.0 through 7.2.4: update to a release after 7.2.4.
FortiClientEMS versions prior to 7.0.10: update to version 7.0.10 or later.
Until the update is applied, restrict access to the FortiClientEMS console to trusted management networks or addresses, and watch the console logs for bursts of failed logins from a single source.
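To make the weakness concrete, the following is an added example (not Fortinet code and not taken from this advisory) of the control whose absence CVE-2024-23106 describes: a sliding-window lockout that rejects further login attempts from a source once it has failed too often. The admin account, its password, the wordlist and the source address are all constructed for the demonstration; the same dictionary attack is run against an unthrottled login and against a throttled one so the difference is visible in the return values.

```python
"""Sliding-window login throttle (the CWE-307 control) versus an unthrottled login.

Everything here is a constructed demonstration; it is not FortiClientEMS code.
"""
from collections import defaultdict, deque
import hmac

# Constructed credential store with one hypothetical administrator account.
USERS = {"admin": "S3cure!Passw0rd"}

# Counts how many times a password was actually evaluated, to show that the
# throttle rejects attempts *before* touching the credential store.
CHECKS = {"count": 0}


def check_password(user, password):
    """Constant-time comparison against the stored password (constructed store)."""
    CHECKS["count"] += 1
    stored = USERS.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())


class AuthThrottle:
    """Lock a (source IP, username) pair after max_failures failed attempts
    within window_seconds; the lock lasts lockout_seconds."""

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self._failures = defaultdict(deque)   # key -> timestamps of recent failures
        self._locked_until = {}               # key -> time the lock expires

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_locked(self, key, now):
        until = self._locked_until.get(key)
        return until is not None and now < until

    def record_failure(self, key, now):
        self._prune(key, now)
        self._failures[key].append(now)
        if len(self._failures[key]) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            self._failures[key].clear()

    def record_success(self, key):
        self._failures.pop(key, None)


def login_unthrottled(user, password, src_ip, now):
    """The vulnerable pattern: every request is checked, however many have failed."""
    return check_password(user, password)


def login_throttled(throttle, user, password, src_ip, now):
    """The hardened pattern: locked sources are refused without a credential check."""
    key = (src_ip, user)
    if throttle.is_locked(key, now):
        return False
    ok = check_password(user, password)
    if ok:
        throttle.record_success(key)
    else:
        throttle.record_failure(key, now)
    return ok


# Constructed wordlist: 45 wrong guesses, then the real password.
WORDLIST = (["password", "123456", "admin", "fortinet", "Welcome1"]
            + [f"guess{i}" for i in range(40)]
            + [USERS["admin"]])


def brute_force(login, wordlist, user="admin", src_ip="203.0.113.7"):
    """Dictionary attack at one guess per second from a single source.
    Returns (password found or None, number of requests sent)."""
    for i, guess in enumerate(wordlist):
        if login(user, guess, src_ip, now=float(i)):
            return guess, i + 1
    return None, len(wordlist)


if __name__ == "__main__":
    CHECKS["count"] = 0
    print("unthrottled:", brute_force(login_unthrottled, WORDLIST), "checks:", CHECKS["count"])
    CHECKS["count"] = 0
    t = AuthThrottle()
    print("throttled:  ", brute_force(lambda u, p, ip, now: login_throttled(t, u, p, ip, now), WORDLIST),
          "checks:", CHECKS["count"])
```

Against the unthrottled login the attack succeeds on request 46 and every guess reaches the credential store; with the throttle in front, the source is locked after five failures, the remaining 41 requests (including the correct one) are refused without a password check, and the lock expires only after the lockout period. Keying the counter on (source IP, username) is the minimum; a deployment facing a distributed attack also needs a per-username counter, since an attacker can spread guesses across many source addresses.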

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

BDU:2025-00826
CVE-2024-23106

Affected Products

Forticlientems