CVE-2024-47574
First published: Wed Nov 13 2024(Updated: )
A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiClient VPN | =7.4.0>=7.2.0<=7.2.4>=7.0.0<=7.0.12>=6.4.0<=6.4.10 | |
| Fortinet FortiClient Windows | >=6.4.0<7.0.13 | |
| Fortinet FortiClient Windows | >=7.2.0<7.2.5 | |
| Fortinet FortiClient Windows | =7.4.0 |
Remedy
Please upgrade to FortiClientWindows version 7.4.1 or above Please upgrade to FortiClientWindows version 7.2.5 or above Please upgrade to FortiClientWindows version 7.0.13 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/remedy
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/last-modified-date
- collector/the-register
- source/The Register
- alias/CVE-2024-47574
- alias/CVE-2024-50564
- agent/references
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/fortinet
- canonical/fortinet forticlient windows
- version/fortinet forticlient windows/6.4.0
- version/fortinet forticlient windows/7.2.0
- version/fortinet forticlient windows/7.4.0