A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.
History

Thu, 14 Nov 2024 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet forticlient
CPEs cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
Vendors & Products Fortinet forticlient

Tue, 12 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet
Fortinet forticlientwindows
CPEs cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet forticlientwindows
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 19:00:00 +0000

Type Values Removed Values Added
Description A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.
Weaknesses CWE-270
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-11-12T18:53:41.455Z

Updated: 2024-11-12T20:32:26.256Z

Reserved: 2024-05-29T08:44:50.760Z

Link: CVE-2024-36513

cve-icon Vulnrichment

Updated: 2024-11-12T20:30:34.073Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-12T19:15:10.633

Modified: 2024-11-14T20:35:26.093

Link: CVE-2024-36513

cve-icon Redhat

No data.