Low-privilege attacker can execute arbitrary code with high privileges via spoofed named pipe messages

CVE-2024-47574

Currently unrated 🤨

Key Information

Vendor: Fortinet
Vendor: CVE Published:; 13 November 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.

News Articles

CVE-2024-47574CVE-2024-50564

High-severity Fortinet VPN flaw allows privilege escalation

A now-patched, high-severity bug in Fortinet's FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher privileges from another user,...

1 week ago

Timeline

👾
Exploit exists.
Nov 14, 2024
First article discovered by null
Nov 14, 2024
Vulnerability published.
Nov 13, 2024

Collectors

NVD Database1 News Article(s)