CVE-2024-36513

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36513
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-144 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
History

14 Nov 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.2 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
First Time Fortinet
Fortinet forticlient
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-144 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-144 - Vendor Advisory

13 Nov 2024, 17:01

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de error de cambio de contexto de privilegios [CWE-270] en FortiClient Windows versión 7.2.4 y anteriores, versión 7.0.12 y anteriores, 6.4 todas las versiones puede permitir que un usuario autenticado aumente sus privilegios a través de scripts de parcheo automático de lua.

12 Nov 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-12 19:15

Updated : 2024-11-14 20:35

NVD link : CVE-2024-36513

Mitre link : CVE-2024-36513

CVE.ORG link : CVE-2024-36513

JSON object : View

Products Affected

fortinet

  • forticlient
CWE
CWE-270

Privilege Context Switching Error