Improper Authentication Vulnerability in Fortinet FortiClientEMS
CVE-2024-32119

4.6MEDIUM

Key Information:

Vendor: Fortinet
Status: Forticlientems
Vendor: CVE Published:; 10 June 2025

What is CVE-2024-32119?

A vulnerability exists in Fortinet FortiClientEMS versions 7.4.0 and earlier than 7.2.4 due to improper authentication methods. This flaw allows an unauthenticated attacker, possessing knowledge of the targeted user's FCTUID and VDOM, to execute unauthorized operations such as uploading or tagging actions on behalf of the user via specially crafted TCP requests. Organizations using these versions should prioritize addressing this vulnerability to ensure their systems remain secure.

Affected Version(s)

FortiClientEMS 7.4.0

FortiClientEMS 7.2.0 <= 7.2.4

FortiClientEMS 7.0.0 <= 7.0.13

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-375

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 11, 2024