CVE-2024-36510

🗓️ 14 Jan 2025 14:09:49Reported by fortinetType

Unauthenticated attackers can exploit response discrepancies in FortiClientEMS and FortiSOAR versions.

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the graphical interface of the Fortinet FortiSOAR software for coordinating the operation of cybersecurity systems and for managing real-time incident responses allows attackers to gain unauthorized access to protected information.	22 Jul 202500:00	–	bdu_fstec
Circl	CVE-2024-36510	14 Jan 202514:17	–	circl
CNNVD	Fortinet FortiClientEMS和FortiSOAR 安全漏洞	14 Jan 202500:00	–	cnnvd
Cvelist	CVE-2024-36510	14 Jan 202514:09	–	cvelist
EUVD	EUVD-2024-36369	3 Oct 202520:07	–	euvd
NVD	CVE-2024-36510	14 Jan 202514:15	–	nvd
Positive Technologies	PT-2025-2455 · Fortinet · Fortisoar +1	14 Jan 202500:00	–	ptsecurity
Vulnrichment	CVE-2024-36510	14 Jan 202514:09	–	vulnrichment

NVD

Node

fortinet forticlientemsRange7.0.0–7.2.5

fortinet forticlientemsMatch7.4.0

fortinet fortisoarRange6.4.0–7.3.3

fortinet fortisoarRange7.4.0–7.4.5

fortinet fortisoarMatch7.5.0

[
  {
    "vendor": "Fortinet",
    "product": "FortiClientEMS",
    "cpes": [],
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.13",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiSOAR",
    "cpes": [
      "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "7.5.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.4.0",
        "lessThanOrEqual": "7.4.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.3.0",
        "lessThanOrEqual": "7.3.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.3",
        "lessThanOrEqual": "6.4.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.fortinet.com/psirt/FG-IR-24-071

31 Jan 2025 16:30Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.15.3

EPSS0.00465

SSVC

cve-2024-36510 forticlientems fortisoar vulnerability user enumeration authentication issue