CVE-2024-47574

Summary

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientWindows7.4.0affected
FortinetFortiClientWindows7.2.0 <= 7.2.4affected
FortinetFortiClientWindows7.0.0 <= 7.0.12affected
FortinetFortiClientWindows6.4.0 <= 6.4.10affected

Weaknesses

  • CWE-288: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References