2024-11-14
Fortinet Releases FortiClient Updates to Address High-Severity Authentication Bypass Issue
A high-severity authentication bypass vulnerability (CVE-2024-47574) in Fortinet's FortiClient for Windows could be exploited to gain elevated privileges and execute arbitrary code via spoofed named pipe messages. Users are urged to upgrade to fixed versions of FortiClientWindows 7.4, 7.2, and 7.0; users running FortiClientWindows 6.4 are urged to migrate to a fixed release. This CVE and a second also affecting FortiClient were detected by a researcher at Pentera Labs.
Editor's Note
FortiClient is a critical component to many organizations. If you are a Fortinet customer running this client you should upgrade. This can be abused as an LPE and attackers are constantly looking for these vectors on local devices.
Moses Frost
Two flaws were discovered, CVE-2024-47574, authentication bypass, CVSS score 7.8, as well as a second flaw, no CVE assigned yet, allowing access to the plain text encryption key used to protect sensitive information. Both flaws are addressed in the updates. If you have Fortinet in your shop, updates to the management client are as important as updates to the firmware on the device. While you're looking at your Fortinet environment, make sure that your management interfaces are also protected, limited to authorized hosts only.