PT-2017-17676 · Microsoft+1 · Windows+1

Published 2017-12-14 · Updated 2019-10-03 · CVE-2017-7344

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiClient Windows versions 5.4.3 and earlier
Fortinet FortiClient Windows version 5.6.0

Description

A privilege escalation issue allows an attacker to gain privileges by exploiting the Windows "security alert" dialog that pops up when the "VPN before logon" feature is enabled and an untrusted certificate chain is present.

Recommendations

For Fortinet FortiClient Windows versions 5.4.3 and earlier and for version 5.6.0, consider disabling the "VPN before logon" feature until a patch is available. As a temporary workaround, restrict access to the Windows "security alert" dialog when an untrusted certificate chain is detected to minimize the risk of exploitation.

Related identifiers

CVE-2017-7344

Affected products

FortiClient
Windows