CVE-2024-40586
CVSS 3.1 Score 6.7 of 10 (medium)
Details
Summary
CVE-2024-40586 is a newly identified vulnerability affecting FortiClient for Windows. Classified as an Improper Access Control vulnerability (CWE-284), it resides in the FortiSSLVPNd service pipe. Local users can potentially exploit this flaw to escalate their privileges in FortiClient versions 7.4.0, 7.2.6 and below, and 7.0.13 and below. Organizations using impacted FortiClient versions are encouraged to update to the latest patch as soon as possible, since an unpatched installation could enable local users to gain elevated access to the system.
Affected Products
- Fortinet FortiClient
Affected Vendors
- Fortinet