CVE-2024-47574

Published Nov 13, 2024

Last updated a month ago

CVSS high 7.8

Overview

Description: A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.
Source: psirt@fortinet.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@fortinet.com: CWE-288
nvd@nist.gov: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FE64D7B-5E5D-4E55-85BD-5FA14F853E40",
            "versionEndExcluding": "7.0.13",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F06CB11B-0726-4E7A-B257-CB71E2237AA7",
            "versionEndExcluding": "7.2.5",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B512696-8596-4458-ADC9-24DD3C6C377B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References