PT-2025-24707 · Fortinet · Forticlientems

Published: 2025-06-10 · Updated: 2025-06-10 · CVE-2024-32119

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Fortinet FortiClientEMS versions 7.2.4 and earlier, Fortinet FortiClientEMS version 7.4.0

Description

The issue is related to an improper authentication flaw that allows an unauthenticated attacker, with knowledge of the targeted user's FCTUID and VDOM, to perform certain operations on behalf of the targeted user. This can be achieved by sending specially crafted TCP requests.

Recommendations

For Fortinet FortiClientEMS versions 7.2.4 and earlier, and version 7.4.0, consider restricting access to the affected system until a patch is available. As a temporary workaround, consider disabling the ability to upload or tag files on behalf of other users until the issue is resolved. Avoid using the FCTUID and VDOM in unsecured communications to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2025-12651
CVE-2024-32119

Affected Products

Forticlientems