CVE-2024-36513

Description

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Physical

Changed

Affected products

fortinet / forticlientwindows7.2.0 – 7.2.4
fortinet / forticlientwindows7.0.0 – 7.0.12
fortinet / forticlientwindows6.4.0 – 6.4.10

References

VENDOR_ADVISORYhttps://fortiguard.fortinet.com/psirt/FG-IR-24-144