CVE-2024-47574 — Authentication Bypass Using an Alternate Path or Channel in Fortinet Forticlient

CWE-288 — Authentication Bypass Using an Alternate Path or Channel CWE-306 — Missing Authentication for Critical Function4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 90.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlientwindows

Timeline

PublishedNov 13

Description

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fortinet/forticlientwindows7.2.0 — 7.2.4+3

▶NVDfortinet/forticlient6.4.0 — 7.0.13+2

🔴Vulnerability Details

GHSA

GHSA-658w-f28g-3j4h: A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7↗2024-11-13

▶

CVEList

CVE-2024-47574: A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7↗2024-11-13

▶

📋Vendor Advisories

Fortinet

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4...↗2024-11-13

▶