CVE-2024-36510

Description

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.

Remediation

Solution:

Please upgrade to FortiClientEMS version 7.4.1 or above Please upgrade to FortiClientEMS version 7.2.5 or above Please upgrade to FortiSOAR version 7.6.0 or above Please upgrade to FortiSOAR version 7.5.1 or above Please upgrade to FortiSOAR version 7.4.5 or above Please upgrade to FortiSOAR version 7.3.3 or above

References

Link	Tags
https://fortiguard.fortinet.com/psirt/FG-IR-24-071	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-36510?: CVE-2024-36510 has been scored as a medium severity vulnerability.
How to fix CVE-2024-36510?: To fix CVE-2024-36510: Please upgrade to FortiClientEMS version 7.4.1 or above Please upgrade to FortiClientEMS version 7.2.5 or above Please upgrade to FortiSOAR version 7.6.0 or above Please upgrade to FortiSOAR version 7.5.1 or above Please upgrade to FortiSOAR version 7.4.5 or above Please upgrade to FortiSOAR version 7.3.3 or above
Is CVE-2024-36510 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-36510 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-36510?: CVE-2024-36510 affects Fortinet FortiClientEMS, Fortinet FortiSOAR.

Description

Remediation

Categories

CWE-204 – Observable Response Discrepancy

CWE-203 – Observable Discrepancy

References

Frequently Asked Questions