An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS versions 7.2.0 through 7.2.4 and versions before 7.0.10 allows an unauthenticated attacker to mount a brute-force attack against the FortiClientEMS console by sending crafted HTTP or HTTPS login requests: nothing on the server limits or throttles repeated failed attempts, so credentials can be guessed at whatever rate the console answers.
Published: 2025-01-14T14:15:28.747
Last modified: 2025-07-16T13:33:49.860
Status: Analyzed
CVSS v3.1 base score: 8.1 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | forticlientems | ≤ 6.2.9 | Yes |
| Application | fortinet | forticlientems | ≤ 6.4.9 | Yes |
| Application | fortinet | forticlientems | < 7.0.11 | Yes |
| Application | fortinet | forticlientems | < 7.2.5 | Yes |

Note that the affected-configuration data is broader than the description: it marks every 6.2.x release up to 6.2.9 and every 6.4.x release up to 6.4.9 as vulnerable (no fixed release is listed for those branches), and its 7.0 range runs up to but not including 7.0.11, one release past the description's "before 7.0.10". When checking an installed EMS, apply the wider of the two ranges and confirm the fixed release against the vendor advisory.
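The weakness class named in the description, CWE-307, is easier to reason about with a concrete login handler. What follows is an added Python illustration written for this page; it is not FortiClientEMS code and not Fortinet's fix. The credential store, the lockout thresholds, the wordlist and the source addresses are all constructed for the example.

```python
"""CWE-307 in miniature: a console login with no attempt limit next to one
that throttles failures per source. Added illustration only; nothing here
is FortiClientEMS code or Fortinet's fix. The credential store, thresholds,
wordlist and source address are all constructed for the example."""
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed credential store (hypothetical): user -> PBKDF2-SHA256 hash.
_SALT = b"example-salt"
_ITERATIONS = 20_000
_USERS = {"admin": hashlib.pbkdf2_hmac("sha256", b"Correct-Horse-42", _SALT, _ITERATIONS)}


def _password_ok(user: str, password: str) -> bool:
    """Constant-time comparison against the stored hash; unknown users fail."""
    stored = _USERS.get(user)
    if stored is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    return hmac.compare_digest(stored, candidate)


def login_unthrottled(user: str, password: str, source_ip: str) -> str:
    """Vulnerable pattern: every request is a fresh, unmetered guess, so an
    attacker can walk a wordlist as fast as the server answers."""
    return "ok" if _password_ok(user, password) else "denied"


class ThrottledLogin:
    """Hardened pattern: count failures per (source, user) in a sliding window
    and refuse further attempts for lockout_s once max_failures is reached.
    `clock` is injectable so the behaviour can be tested deterministically."""

    def __init__(self, max_failures=5, window_s=300.0, lockout_s=900.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._clock = clock
        self._failures = defaultdict(list)   # (source, user) -> failure times
        self._locked_until = {}              # (source, user) -> unlock time

    def login(self, user: str, password: str, source_ip: str) -> str:
        now = self._clock()
        key = (source_ip, user)
        if now < self._locked_until.get(key, 0.0):
            return "locked"          # no password check at all while locked
        # Forget failures that have aged out of the window.
        recent = [t for t in self._failures[key] if now - t < self.window_s]
        self._failures[key] = recent
        if _password_ok(user, password):
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_s
            return "locked"
        return "denied"


def brute_force(attempt, wordlist, user="admin", source_ip="203.0.113.7"):
    """Drive a login function with a constructed wordlist from one source and
    tally the outcomes; ok > 0 means the password was recovered."""
    tally = {"sent": 0, "ok": 0, "denied": 0, "locked": 0}
    for guess in wordlist:
        tally["sent"] += 1
        tally[attempt(user, guess, source_ip)] += 1
    return tally


# Constructed wordlist with the real password in sixth position.
WORDLIST = ["password", "admin", "123456", "letmein", "qwerty",
            "Correct-Horse-42", "welcome"]

if __name__ == "__main__":
    print("unthrottled:", brute_force(login_unthrottled, WORDLIST))
    print("throttled:  ", brute_force(ThrottledLogin().login, WORDLIST))
```

Against the unthrottled handler the wordlist is exhausted and the password is found on the sixth request; against the throttled one the fifth failure locks the (source, user) pair and the correct password is never even checked until the lockout expires. Two practitioner caveats: a lockout keyed on source address alone lets an attacker behind a shared NAT lock out legitimate administrators, which is why the key includes the username and the window is short, and every lockout should be logged, since the burst of failed console logins is itself the detection signal for an attack of this kind.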