CVE-2024-36513

CWE-2704 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 62.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Forticlientwindows
Timeline
PublishedNov 12

Description

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

CVEListV5fortinet/forticlientwindows7.2.07.2.4+2
NVDfortinet/forticlient7.0.07.0.13+2

🔴Vulnerability Details

2
CVEList
CVE-2024-36513: A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 72024-11-12
GHSA
GHSA-9m68-hrx9-5wfc: A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 72024-11-12

📋Vendor Advisories

1
Fortinet
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0...2024-11-12
CVE-2024-36513 (HIGH CVSS 8.8) | A privilege context switching error | cvebase.io