CVE-2017-7344
N/A
N/A
Summary
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet, Inc. | FortiClientWindows | 5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0 | affected |
Weaknesses
- Escalation of privilege
ADP Enrichment
CVE Program Container
Additional References
- https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/
- http://www.securityfocus.com/bid/102176
- https://fortiguard.com/advisory/FG-IR-17-070
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/
- http://www.securityfocus.com/bid/102176
- https://fortiguard.com/advisory/FG-IR-17-070
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.