CVE-2024-47574
CVE-2024-47574 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low-privileged attacker to execute arbitrary code with high privilege via spoofed named pipe messages. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low-privileged attacker to execute arbitrary code with high privilege via spoofed named pipe messages.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Forticlient | >= 6.4.0, < 7.0.13 |
| Fortinet | Forticlient | >= 7.2.0, < 7.2.5 |
| Fortinet | Forticlient | 7.4.0 |
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-199 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
