CVE-2024-36507

CWE-426 | 4 documents | 4 sources
Severity
7.8 HIGH
EPSS
0.1%
top 74.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 12

Description

An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, 7.2.4 through 7.2.0, and 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | fortinet/forticlientwindows | 7.2.0 | 7.2.4 | +2
NVD | fortinet/forticlient | 7.0.0 | 7.0.13 | +2

🔴 Vulnerability Details (2)
CVEList
CVE-2024-36507: A untrusted search path in Fortinet FortiClientWindows versions 7 | 2024-11-12
GHSA
GHSA-rmph-8gw6-8rhx: A untrusted search path in Fortinet FortiClientWindows versions 7 | 2024-11-12

📋 Vendor Advisories (1)
Fortinet
A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 thr... | 2024-11-12
CVE-2024-36507 (HIGH CVSS 7.8) | A untrusted search path in Fortinet | cvebase.io