First published: Tue Feb 11 2025
An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, and version 7.0.13 and below may allow a local user to escalate their privileges via the FortiSSLVPNd service pipe.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiClient Virtual Private Network (Windows) | 7.4.0; 7.2.6 and below; 7.0.13 and below | Upgrade to FortiClientWindows 7.4.1 or above; 7.2.7 or above; 7.0.14 or above, respectively |
CVE-2024-40586 is classified as a high severity vulnerability because it allows local privilege escalation.
To fix CVE-2024-40586, update FortiClient to version 7.4.1 or later (or 7.2.7 / 7.0.14 or later on the respective branches), which addresses the improper access control issue.
CVE-2024-40586 affects FortiClient Windows version 7.4.0, versions 7.2.6 and below, and versions 7.0.13 and below.
CVE-2024-40586 is not remotely exploitable: it requires local access, as it involves privilege escalation through the FortiSSLVPNd service pipe.
CVE-2024-40586 is categorized as an Improper Access Control vulnerability [CWE-284] whose impact is privilege escalation.