CVE-2024-23106
Published: 14 January 2025
Summary
CVE-2024-23106 is a high-severity improper restriction of excessive authentication attempts (CWE-307) vulnerability in Fortinet FortiClientEMS: the EMS console does not limit failed login attempts, so an unauthenticated attacker can brute force console credentials over HTTP or HTTPS. Its CVSS v3.1 base score is 8.1 (High).
Operationally, it ranks in the top 23.0% of CVEs by exploit likelihood and is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST SP 800-53 AC-7 (Unsuccessful Logon Attempts) and SI-2 (Flaw Remediation). Only SI-2, applying the vendor fix, removes the flaw; AC-7 is a compensating control that has to be enforced in front of the console (for example by a reverse proxy, WAF or firewall rate limit) until the fix is installed, because the vulnerable console is exactly the component that fails to enforce it.
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-7 (Unsuccessful Logon Attempts): Enforces a limit on consecutive invalid logon attempts to the console, which directly counters the brute force attack described in the CVE. Since the affected FortiClientEMS versions do not enforce this limit themselves, apply it in front of the console (reverse proxy, WAF or firewall rate limiting) until the fix is installed. A hard per-account lockout should be used with care on an administrative console, because a remote attacker can then lock legitimate administrators out.
- SI-2 (Flaw Remediation): Requires timely identification, reporting and patching of the flaw, i.e. upgrading affected FortiClientEMS versions per the vendor advisory, which eliminates the vulnerability.
- SC-5 (Denial-of-Service Protection): Limits the effects of denial-of-service events, including the load generated by floods of crafted HTTP/HTTPS authentication requests against the console.
NVD Description
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests.
Deeper analysis
CVE-2024-23106 is an improper restriction of excessive authentication attempts vulnerability (CWE-307) in FortiClientEMS versions 7.2.0 through 7.2.4 and before 7.0.10. The issue stems from inadequate controls on authentication attempts to the FortiClientEMS console, enabling brute force attacks via crafted HTTP or HTTPS requests.
An unauthenticated attacker with network access to the console (AV:N/PR:N) can exploit this vulnerability by repeatedly submitting authentication requests. Attack complexity is rated high (AC:H), reflecting that the attacker still has to guess a valid credential, but a successful guess grants administrative access to the console, which is scored as high impact on confidentiality, integrity and availability (C:H/I:H/A:H). The resulting CVSS 3.1 score is 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
The Fortinet PSIRT advisory FG-IR-23-476 at https://fortiguard.fortinet.com/psirt/FG-IR-23-476 provides details on mitigation and patches for this vulnerability.
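The two sides of this CVE, the AC-7 limit the console lacks and the brute-force pattern it allows, can be shown in one place. The block below is an added example, not FortiClientEMS code or anything from the Fortinet advisory: an AC-7 style limiter for a web console login endpoint, and a detector that flags the same pattern in access logs. The log format, the sample log lines, the IP addresses and the thresholds are all constructed for the example. The limiter blocks on a per-source limit but only delays on a per-account limit, so that an attacker rotating source addresses is slowed down without being handed a way to lock the real administrator out.

```python
"""Added example (not FortiClientEMS code): an AC-7 style limiter for a web
console login and a detector for the same brute-force pattern in access logs.
The log format and sample lines are constructed for this example."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re


class FailureWindow:
    """Sliding-window count of failed logins per key (source IP, account, ...)."""

    def __init__(self, window_seconds):
        self.window = timedelta(seconds=window_seconds)
        self.events = defaultdict(deque)

    def count(self, key, now):
        """Drop failures older than the window and return how many remain."""
        q = self.events[key]
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q)

    def record(self, key, now):
        self.events[key].append(now)
        return self.count(key, now)


class ConsoleAuthGuard:
    """AC-7 enforcement for a login endpoint, applied before the password is
    checked. Two independent limits, because each alone has a gap:
    - per source IP blocks one host hammering the console, but an attacker
      rotating IPs is unaffected;
    - per account caps guesses against one account from any source, but a
      hard lockout here lets a remote attacker lock the real admin out.
    So the per-source limit blocks, and the per-account limit only adds an
    exponentially growing (capped) delay, which keeps the admin reachable.
    """

    def __init__(self, window_seconds=900, per_source_limit=10,
                 per_account_limit=5, base_delay=2.0, max_delay=300.0):
        self.by_source = FailureWindow(window_seconds)
        self.by_account = FailureWindow(window_seconds)
        self.per_source_limit = per_source_limit
        self.per_account_limit = per_account_limit
        self.base_delay = base_delay
        self.max_delay = max_delay

    def check(self, source, account, now):
        """Return (allowed, delay_seconds) for an attempt arriving at `now`."""
        if self.by_source.count(source, now) >= self.per_source_limit:
            return False, 0.0
        excess = self.by_account.count(account, now) - self.per_account_limit
        if excess < 0:
            return True, 0.0
        return True, min(self.base_delay * 2 ** excess, self.max_delay)

    def record_failure(self, source, account, now):
        self.by_source.record(source, now)
        self.by_account.record(account, now)


# Constructed log format for the detector (not the real FortiClientEMS format):
#   2025-01-14T10:00:01Z src=203.0.113.5 user=admin action=login result=failure
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
                    r"action=login result=(?P<result>\S+)$")


def detect_bruteforce(lines, window_seconds=60, threshold=10):
    """Flag source IPs with >= threshold failed logins inside the window.
    Lines must be in time order. Returns {source_ip: peak_failure_count}."""
    failures = FailureWindow(window_seconds)
    alerts = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["result"] != "failure":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        n = failures.record(m["src"], ts)
        if n >= threshold:
            alerts[m["src"]] = max(alerts.get(m["src"], 0), n)
    return alerts


def sample_log():
    """Constructed sample: one source sprays 12 guesses at 'admin' in 12 s,
    another source fails twice and then logs in."""
    t0 = datetime(2025, 1, 14, 10, 0, 0)
    fmt = "{ts:%Y-%m-%dT%H:%M:%SZ} src={src} user={user} action=login result={res}"
    lines = [fmt.format(ts=t0 + timedelta(seconds=i + 1), src="203.0.113.5",
                        user="admin", res="failure") for i in range(12)]
    lines += [fmt.format(ts=t0 + timedelta(seconds=5), src="198.51.100.7",
                         user="admin", res="failure"),
              fmt.format(ts=t0 + timedelta(seconds=30), src="198.51.100.7",
                         user="admin", res="failure"),
              fmt.format(ts=t0 + timedelta(seconds=40), src="198.51.100.7",
                         user="admin", res="success")]
    return sorted(lines)  # zero-padded ISO timestamps sort chronologically


def guard_scenario():
    """Ten failures from one source against 'admin', then checks from that
    source, from a second source on the same account, and on another account."""
    guard = ConsoleAuthGuard()
    t0 = datetime(2025, 1, 14, 10, 0, 0)
    for i in range(10):
        guard.record_failure("203.0.113.5", "admin", t0 + timedelta(seconds=i))
    now = t0 + timedelta(seconds=10)
    return (guard.check("203.0.113.5", "admin", now),      # blocked
            guard.check("198.51.100.7", "admin", now),     # allowed, delayed
            guard.check("198.51.100.7", "other", now))     # allowed, no delay


if __name__ == "__main__":
    print(detect_bruteforce(sample_log()))
    print(guard_scenario())
```

Without the `FailureWindow` check the console is in the state the CVE describes: every request reaches the password check at full speed. The detector side is what a SOC would want while the fix is rolled out; the per-source threshold here (10 failures per minute) is deliberately low for an administrative console, and the same counter keyed by account would catch an attacker spreading guesses across many source addresses.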
Details
- CWE(s)