CVE-2024-40586 MEDIUM

CVE-2024-40586

Vendor Fortinet
Product FortiClientWindows
Weakness CWE-284
Published February 11, 2025
Last update February 12, 2025
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X

What the vulnerability does

01Description

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.

Key dates

02Disclosure timeline

February 11, 2025 CVE published
February 12, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-34794 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability CVE-2023-0506 ByDemes Group Airspace CCTV Web Service Improper Access Control CVE-2023-25821 Nextcloud download permissions can be changed by resharer CVE-2023-6810 ClickCease Click Fraud Protection <= 3.2.4 - Improper Authorization to sensitive information exposure via get_settings CVE-2026-46695 BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files