CVE-2017-7344: Improper Privilege Management in Fortinet FortiClient

4 documents, 4 sources
Severity: 8.1 HIGH (NVD)
EPSS: 1.3% (top 20.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 14; latest update May 13

Description

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier, as well as 5.6.0, allows an attacker to gain privileges by exploiting the Windows "security alert" dialog that pops up when the "VPN before logon" feature is enabled and the certificate chain is untrusted.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: fortinet_inc/forticlientwindows 5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0

🔴 Vulnerability Details (2)

GHSA
GHSA-ww53-p7m6-mpv2: A privilege escalation in Fortinet FortiClient Windows 5 (2022-05-13)
CVEList
CVE-2017-7344: A privilege escalation in Fortinet FortiClient Windows 5 (2017-12-14)

📋 Vendor Advisories (1)

Fortinet
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privil... (2017-12-14)
CVE-2017-7344 — Improper Privilege Management | cvebase