CVE-2024-36507

A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-205	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:forticlient::::::windows::*
	cpe:2.3:a:fortinet:forticlient::::::windows::*
	cpe:2.3:a:fortinet:forticlient:7.4.0:::::windows::

History

14 Nov 2024, 20:31

Type	Values Removed	Values Added
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-205 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-205 - Vendor Advisory
CPE		cpe:2.3:a:fortinet:forticlient::::::windows::* cpe:2.3:a:fortinet:forticlient:7.4.0:::::windows::
First Time		Fortinet Fortinet forticlient
CVSS	v2 : ~~unknown~~ v3 : ~~7.3~~	v2 : unknown v3 : 7.8

13 Nov 2024, 17:01

Type	Values Removed	Values Added
Summary		(es) Una ruta de búsqueda no confiable en Fortinet FortiClientWindows versiones 7.4.0, versiones 7.2.4 a 7.2.0, versiones 7.0.12 a 7.0.0 permite a un atacante ejecutar código arbitrario a través del secuestro de DLL e ingeniería social.

12 Nov 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-12 19:15

Updated : 2024-11-14 20:31

NVD link : CVE-2024-36507

Mitre link : CVE-2024-36507

CVE.ORG link : CVE-2024-36507

JSON object : View

Products Affected

fortinet

forticlient

CWE

CWE-426

Untrusted Search Path

{"id": "CVE-2024-36507", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2024-11-12T19:15:10.233", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-205", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}, {"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering."}, {"lang": "es", "value": "Una ruta de b\u00fasqueda no confiable en Fortinet FortiClientWindows versiones 7.4.0, versiones 7.2.4 a 7.2.0, versiones 7.0.12 a 7.0.0 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del secuestro de DLL e ingenier\u00eda social."}], "lastModified": "2024-11-14T20:31:45.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "CC29F9A2-9ED8-45C6-AC9F-FB4EEAA7AFF2", "versionEndExcluding": "7.0.13", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "F06CB11B-0726-4E7A-B257-CB71E2237AA7", "versionEndExcluding": "7.2.5", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "6B512696-8596-4458-ADC9-24DD3C6C377B"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}