CVE-2024-36513

HIGH8.2

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7

Published Nov 12, 2024

Modified 1 years ago

Details

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

Affected Packages

FortiClient

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

References

ADVISORY

https://fortiguard.fortinet.com/psirt/FG-IR-24-144

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-36513

Aliases

FG-IR-24-144

CVSS Analysis

CVSS v3.1

7.4

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

RequiredUI:R

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.4/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C

Weakness Type (CWE)

Other

CWE-270

Ecosystems(17)

Windows 10 (1507)Windows 10 (1607) / Server 2016 Windows 10 (1809) / Server 2019 Windows 10 (1903)Windows 10 (1909)

Timeline

PublishedNov 12, 2024

ModifiedNov 12, 2024

CVE-2024-36513 | Mondoo Vulnerability Intelligence