CVE-2024-36513 HIGH

CVE-2024-36513

Vendor Fortinet
Product FortiClientWindows
Weakness CWE-270
Published November 12, 2024
Last update November 12, 2024

CVSS base score

7.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C

What the vulnerability does

01Description

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

Key dates

02Disclosure timeline

November 12, 2024 CVE published
November 12, 2024 Record updated