CVE-2024-36513

Summary

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientWindows7.2.0 <= 7.2.4affected
FortinetFortiClientWindows7.0.0 <= 7.0.12affected
FortinetFortiClientWindows6.4.0 <= 6.4.10affected

Weaknesses

  • CWE-270: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References