Privilege Escalation Vulnerability in FortiClient Windows by Fortinet
CVE-2024-36513

8.8HIGH

Key Information:

Vendor
Fortinet
Status
Forticlient
Vendor
CVE Published:
12 November 2024

Summary

A privilege context switching error vulnerability exists in FortiClient Windows that allows an authenticated user to escalate their privileges. This vulnerability arises from the exploitation of lua auto patch scripts, which can lead to unauthorized access and manipulation of the system. The affected versions include FortiClient Windows 7.2.4 and earlier, 7.0.12 and earlier, and all versions of 6.4. It's crucial for users of these versions to be aware of this vulnerability and take appropriate measures to mitigate potential risks.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-144

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

.