PT-2025-2454 · Fortinet · FortiClientEMS
Published: 2025-01-14 · Updated: 2025-01-14
CVE-2024-36506
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
FortiClientEMS versions 6.4.0 through 7.0.x
FortiClientEMS versions 7.2.0 through 7.2.4
FortiClientEMS version 7.4.0
Description:
The issue is related to an improper verification of the source of a communication channel, which may allow a remote attacker to bypass the trusted host feature via a session connection. This could potentially affect a significant number of devices worldwide.
Recommendations:
For FortiClientEMS versions 6.4.0 through 7.0.x, update to a version that includes the fix for this issue.
For FortiClientEMS versions 7.2.0 through 7.2.4, update to a version that includes the fix for this issue.
For FortiClientEMS version 7.4.0, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the trusted host feature until a patch is available.
Affected Products
FortiClientEMS