{ "id": "CVE-2024-36510", "sourceIdentifier": "psirt@fortinet.com", "published": "2025-01-14T14:15:30.737", "lastModified": "2025-01-31T16:30:50.753", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses." }, { "lang": "es", "value": "Una vulnerabilidad de discrepancia de respuesta observable [CWE-204] en FortiClientEMS 7.4.0, 7.2.0 a 7.2.4, 7.0 todas las versiones, y FortiSOAR 7.5.0, 7.4.0 a 7.4.4, 7.3.0 a 7.3.2, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones puede permitir que un atacante no autenticado enumere usuarios v\u00e1lidos mediante la observaci\u00f3n de las respuestas de las solicitudes de inicio de sesi\u00f3n." } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@fortinet.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "psirt@fortinet.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-204" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-203" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.2.5", "matchCriteriaId": "D79D035D-4F5F-439B-82C3-C640086C7B40" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "22665641-9DD6-42BB-81E2-52E03153E114" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4.0", "versionEndExcluding": "7.3.3", "matchCriteriaId": "3ECE9A3F-7C5F-4A34-ABB2-CD4E1997CE0E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.4.5", "matchCriteriaId": "265BEE92-3FBB-4033-A77A-E112C9DE9862" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCA9F69D-D91E-4450-97BD-D9566EA7B649" } ] } ] } ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-071", "source": "psirt@fortinet.com", "tags": [ "Vendor Advisory" ] } ] }