CVE-2024-23106
Published: 14 January 2025
Summary
CVE-2024-23106 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Fortinet Forticlientems. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110); ranked in the top 19.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-23106 is an improper restriction of excessive authentication attempts vulnerability (CWE-307) in FortiClientEMS versions 7.2.0 through 7.2.4 and before 7.0.10. The issue stems from inadequate controls on authentication attempts to the FortiClientEMS console, enabling brute force attacks via crafted HTTP or HTTPS requests.
An unauthenticated attacker with network access (AV:N/PR:N) can exploit this vulnerability by repeatedly submitting authentication requests. While the attack requires high complexity (AC:H), success could grant unauthorized access to the console, leading to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as scored at CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
The Fortinet PSIRT advisory FG-IR-23-476 at https://fortiguard.fortinet.com/psirt/FG-IR-23-476 provides details on mitigation and patches for this vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-20631
Vulnerability details
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Directly enables brute-force authentication attacks against a remote management console due to missing rate limiting on login attempts.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces limits on consecutive invalid logon attempts to the console, comprehensively preventing brute force authentication attacks as described in the CVE.
Requires timely identification, reporting, and patching of the specific improper restriction flaw in affected FortiClientEMS versions, eliminating the vulnerability.
Limits the effects of denial-of-service events including brute force authentication attempts via crafted HTTP/HTTPS requests to the console.