Support Forum
Andrzej_PL
New Contributor III

FortiClientEMS v7.2.6 - CVE-2024-11236 Out of Bounds Write Vulnerability

Hi,

I'm testing the FortiClient EMS solution on a trial license. After updating to version 7.2.6, the system detected the PHP CVE-2024-11236 Out of Bounds Write Vulnerability. Is there a way to report this to have the vulnerable application version updated?

sjoshi
Staff

Hi,

Please refer to:

https://www.fortiguard.com/encyclopedia/endpoint-vuln/82436

I do not see that FortiClient EMS is affected.

If you have found a solution, please like and accept it to make it easily accessible to others.
Fortinet Certified Expert (FCX) | #NSE8-003459
Salon Raj Joshi
Andrzej_PL
New Contributor III

OK, but it is a scan result on the EMS server; version 7.2.6 is the Windows platform.

[Screenshot 2024-11-28 150916.png]

sjoshi

Is this FortiClient installed on the Windows server where the EMS server is set up?

Andrzej_PL
New Contributor III

Exactly.

Andrzej_PL

So... any ideas?

dingjerry_FTNT

Hi @Andrzej_PL,

Thanks for reporting this vulnerability.

We have this Mantis 1089768 tracking this issue. The fix will be included in FortiClient EMS 7.2.7 GA.

Regards,

Jerry
Andrzej_PL

Hi,

Unfortunately, the problem remains in the new client version 7.2.7; the version of the PHP application with the given vulnerability is still used. php.exe must be version 8.3.14, and it is 8.3.13.

[Screenshot 2024-12-13 100626.png] [Screenshot 2024-12-13 095428.png] [Screenshot 2024-12-13 095344.png]
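The check the scanner is performing here is a plain version comparison of the bundled php.exe against the first fixed release. The following script is an added example, not code from this thread or from Fortinet: it locates every php.exe under a directory you name, runs it with `-v`, and classifies the reported version against a per-branch fixed-version table. The only threshold it ships with is the 8.3.14 figure quoted in the thread for CVE-2024-11236; any other PHP branch must be added from the PHP release announcements, and the install path on the command line is an assumption you supply. The sample banners at the bottom are constructed for offline use, not real scanner output.

```python
import re
import subprocess
from pathlib import Path

# Minimum fixed version per PHP branch. The 8.3.14 threshold is the one quoted in the
# thread for CVE-2024-11236; add further branches from the PHP release announcements.
FIXED_VERSIONS = {
    (8, 3): (8, 3, 14),
}

# First line of `php -v`, e.g. "PHP 8.3.13 (cli) (built: Nov 19 2024 ...) (ZTS ...)"
BANNER_RE = re.compile(r"^PHP (\d+)\.(\d+)\.(\d+)")


def parse_php_version(banner: str) -> tuple:
    """Turn the first line of `php -v` into a comparable (major, minor, patch) tuple."""
    match = BANNER_RE.match(banner.strip())
    if not match:
        raise ValueError(f"unrecognised php -v banner: {banner!r}")
    return tuple(int(part) for part in match.groups())


def assess(version: tuple) -> str:
    """Classify a PHP version against FIXED_VERSIONS.

    Returns "vulnerable", "fixed", or "unknown" (no threshold recorded for that
    branch). Tuple comparison orders (8, 3, 13) before (8, 3, 14), which is the
    same test the vulnerability scanner applies.
    """
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"
    return "vulnerable" if version < fixed else "fixed"


def assess_banners(banners) -> list:
    """Assess a sequence of `php -v` banners; returns [(version_string, status), ...]."""
    results = []
    for banner in banners:
        version = parse_php_version(banner)
        results.append((".".join(map(str, version)), assess(version)))
    return results


def scan_tree(root: Path) -> list:
    """Find every php.exe below `root`, run it with -v, and assess the reported version.

    This part runs on the EMS host itself. Failures are recorded per binary so one
    broken interpreter does not abort the whole scan.
    """
    findings = []
    for binary in root.rglob("php.exe"):
        try:
            proc = subprocess.run([str(binary), "-v"], capture_output=True,
                                  text=True, timeout=30, check=False)
            first_line = proc.stdout.splitlines()[0] if proc.stdout.strip() else ""
            version = parse_php_version(first_line)
            findings.append((str(binary), ".".join(map(str, version)), assess(version)))
        except (OSError, ValueError, subprocess.TimeoutExpired) as exc:
            findings.append((str(binary), None, f"error: {exc}"))
    return findings


# Constructed sample banners (not real scanner output): the 7.2.7 case from the
# thread, the first fixed 8.3 release, and a branch the table does not cover.
SAMPLE_BANNERS = [
    "PHP 8.3.13 (cli) (built: Nov 19 2024 12:00:00) (ZTS Visual C++ 2019 x64)",
    "PHP 8.3.14 (cli) (built: Nov 19 2024 12:00:00) (ZTS Visual C++ 2019 x64)",
    "PHP 8.2.26 (cli) (built: Nov 19 2024 12:00:00) (NTS Visual C++ 2019 x64)",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Hypothetical usage on the EMS host; the install directory is your assumption:
        #   python check_php_cve.py "C:\path\to\FortiClientEMS"
        for path, version, status in scan_tree(Path(sys.argv[1])):
            print(f"{status:10} {version or '-':8} {path}")
    else:
        for version, status in assess_banners(SAMPLE_BANNERS):
            print(f"{status:10} {version}")
```

Run without arguments it only classifies the constructed banners; with a directory argument it walks the tree and executes each php.exe it finds, so run it on the server itself and expect "unknown" for any branch you have not added a threshold for.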

CARCAL
New Contributor II

Hi,

Unfortunately, the problem still remains in the new client version 7.2.11.1241; the version of the PHP application with the given vulnerability is 8.3.14, as you can see below.

On the same machine, running Windows Server 2022, I also have FortiClient EMS Console 7.2.10 build 1222 installed.

[PHP CVE FortiClient Medium.png]

[PHP CVE FortiClient High.png]

funkylicious

Maybe it's time for EMS 7.4.x, which runs on Ubuntu.

"jack of all trades, master of none"