CVE-2017-7344

8.1HIGH

Key Information:

Vendor: Fortinet
Status: Forticlientwindows
Vendor: CVE Published:; 14 December 2017

Summary

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.

Affected Version(s)

FortiClientWindows 5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0

References

https://securite.intrinsec.com/2017/12/22/cve-2017-7344-f...

x_refsource_MISC

http://www.securityfocus.com/bid/102176

vdb-entryx_refsource_BID

https://fortiguard.com/advisory/FG-IR-17-070

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2017
Vulnerability Reserved
Mar 30, 2017

.