CVE-2024-36510

MEDIUM

FortiClientEMS/FortiSOAR <7.5.0 - Info Disclosure

Title source: llm

Description

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.

References (1)

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-24-071

Scores

CVSS v3 5.3

EPSS 0.0039

EPSS Percentile 59.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-204 CWE-203

Status published

Products (4)

fortinet/forticlientems 7.4.0

fortinet/forticlientems 7.0.0 - 7.2.5

fortinet/fortisoar 7.5.0

fortinet/fortisoar 6.4.0 - 7.3.3

Published Jan 14, 2025

Tracked Since Feb 18, 2026