CVE-2024-40586

Summary

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientWindows7.4.0affected
FortinetFortiClientWindows7.2.0 <= 7.2.6affected
FortinetFortiClientWindows7.0.3 <= 7.0.13affected

Weaknesses

  • CWE-284: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References