Fortinet FortiSOAR
cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*
- >= 7.4.0, <= 7.4.4
- >= 7.3.0, <= 7.3.2
- ~7.2
- ~7.0
- ~6.4
A vulnerability allowing user enumeration through response timing discrepancies has been identified in Fortinet FortiClient EMS versions 7.4.0, 7.2.0 prior to 7.2.4, 7.0 all versions, and Fortinet FortiSOAR versions 7.5.0, 7.4.0 prior to 7.4.4, 7.3.0 prior to 7.3.2, 7.2 all versions, 7.0 all versions, and 6.4 all versions. This vulnerability allows an unauthenticated attacker to identify valid users by analyzing the differences in login request responses.
Exploitation of this vulnerability could let an attacker enumerate valid usernames without authorization. Those usernames could then be used in further attacks, such as password guessing or phishing.
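The page does not state what causes the timing difference in the affected Fortinet products. The following added example (not Fortinet code) illustrates one common cause of this bug class, an early return that skips password hashing for unknown users, beside a handler that does the same work on both paths. The user store, account name, function names and KDF parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

KDF_CALLS = 0  # instrumentation: counts expensive hash operations


def _kdf(password, salt):
    global KDF_CALLS
    KDF_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def _make_record(password):
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


# Constructed sample user store (hypothetical account).
USERS = {"alice": _make_record("correct horse")}
# Dummy record that is verified against when the username is unknown.
DUMMY = _make_record(os.urandom(16).hex())


def login_leaky(username, password):
    record = USERS.get(username)
    if record is None:
        return False  # early return: no KDF work, so the reply comes back faster
    salt, stored = record
    return hmac.compare_digest(_kdf(password, salt), stored)


def login_uniform(username, password):
    record = USERS.get(username)
    # Always run the KDF and the comparison, even for an unknown username.
    salt, stored = record if record is not None else DUMMY
    ok = hmac.compare_digest(_kdf(password, salt), stored)
    return ok and record is not None


def kdf_cost(fn, username, password):
    """Number of KDF calls fn performs for one login attempt."""
    before = KDF_CALLS
    fn(username, password)
    return KDF_CALLS - before
```

Counting KDF calls stands in for wall-clock measurement here: the leaky handler does one hash for a known user and none for an unknown one, while the uniform handler does one in both cases.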