CVE-2024-40586

CWE-284Improper Access Control4 documents4 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 95.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Forticlientwindows
Timeline
PublishedFeb 11

Description

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5fortinet/forticlientwindows7.2.07.2.6+2
NVDfortinet/forticlient7.0.37.0.14+2

🔴Vulnerability Details

2
CVEList
CVE-2024-40586: An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 72025-02-11
GHSA
GHSA-89gg-gc7x-gwhp: An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 72025-02-11

📋Vendor Advisories

1
Fortinet
An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, versio...2025-02-11
CVE-2024-40586 (MEDIUM CVSS 6.7) | An Improper Access Control vulnerab | cvebase.io