CVE-2024-36507

Published: Nov 12, 2024Modified: Nov 14, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.

Affected (3)

Products: Fortinet: Forticlient

Fortinet

1 product

Forticlient

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 7.0.0 to 7.0.13
Fortinet Forticlient	From 7.2.0 to 7.2.5
Fortinet Forticlient	Version 7.4.0

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-205

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.