HIGH🇬🇧 English

CVE-2024-36513

CVSS 8.2v3.1pub. 2024-11-12upd. 2024-11-14

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Fortinet Forticlient

    APP
    Fortinet
    6.4.0 – 6.4.107.0.0 – 7.0.13 (bez)7.2.0 – 7.2.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-45590CRITICAL9.6PL ✓ten sam produkt

Code injection w Fortinet FortiClientLinux umożliwiający RCE

CVE-2019-17658CRITICAL9.8ten sam produkt

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and...

CVE-2026-24018HIGH7.8ten sam produkt

A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, Forti...

CVE-2025-62676HIGH7.1ten sam produkt

An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fort...

CVE-2025-46373HIGH7.8ten sam produkt

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 throug...