CVE-2024-47574

HIGH

Fortinet FortiClientWindows <7.4.0 - Privilege Escalation

Title source: llm
STIX 2.1

Description

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0046
EPSS Percentile 37.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-288 CWE-306
Status published
Products (2)
fortinet/forticlient 7.4.0
fortinet/forticlient 6.4.0 - 7.0.13
Published Nov 13, 2024
Tracked Since Feb 18, 2026