FortiClientEMS v7.2.6 - CVE-2024-11236 Out of Bounds Write Vulnerability

Andrzej_PL · ‎11-28-2024

Hi,

I'm testing the FortiClient EMS solution on a trial license. After updating to version 7.2.6, the system detected the PHP CVE-2024-11236 Out of Bounds Write Vulnerability. Is there a way to report this to have the vulnerable application version updated?

dingjerry_FTNT · ‎12-02-2024

Hi @Andrzej_PL ,

Thanks for reporting this vulnerability.

We have this Mantis 1089768 tracking this issue. The fix will be included in FortiClient EMS 7.2.7 GA.

Regards,

Jerry

View solution in original post

sjoshi · ‎11-28-2024

Hi,

Please refer:-

https://www.fortiguard.com/encyclopedia/endpoint-vuln/82436

I do not see forticlient ems is affected

Let us know if this helps.
Salon Raj Joshi

Andrzej_PL · ‎11-28-2024

ok but it is scan result on ems server - version 7.2.6 is windows platform

sjoshi · ‎11-28-2024

This Forticlient is install in the wins server where EMS server is setup?

Let us know if this helps.
Salon Raj Joshi

Andrzej_PL · ‎11-28-2024

exactly

Andrzej_PL · ‎12-02-2024

so... any ideas?

dingjerry_FTNT · ‎12-02-2024

Hi @Andrzej_PL ,

Thanks for reporting this vulnerability.

We have this Mantis 1089768 tracking this issue. The fix will be included in FortiClient EMS 7.2.7 GA.

Regards,

Jerry

Andrzej_PL · ‎12-13-2024

Hi,

unfortunately, the problem remains in the new client version 7.2.7 - the version of the php application with the given vulnerability is still used. php.exe must be in version 8.3.14, and it is in 8.3.13

FortiClientEMS v7.2.6 - CVE-2024-11236 Out of Bounds Write Vulnerability

Nominate a Forum Post for Knowledge Article Creation