CVE-2024-36513

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Nov 12, 2024
Updated: Nov 14, 2024
CWE ID 270

Summary

CVE-2024-36513 is a newly disclosed privilege escalation vulnerability in FortiClient for Windows. Versions 7.2.4 and below, versions 7.0.12 and below, and all 6.4 releases are reportedly affected. The root cause is a privilege context switching error (CWE-270) in the software's handling of Lua auto-patch scripts. An authenticated user can exploit this flaw to escalate their privileges, potentially gaining administrative access to the system. The vulnerability poses a significant risk to organizations running FortiClient on Windows and should be addressed promptly by installing the latest software updates.



Affected Products

  • Fortinet FortiClient

Affected Vendors

  • Fortinet