PT-2024-10306 · Fortinet · Forticlient

Published: 2024-09-27 · Updated: 2025-01-21 · CVE-2024-47574

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiClientWindows versions 6.4.0 through 6.4.10
Fortinet FortiClientWindows versions 7.0.0 through 7.0.12
Fortinet FortiClientWindows versions 7.2.0 through 7.2.4
Fortinet FortiClientWindows version 7.4.0

Description

The issue is related to an authentication bypass using an alternate path or channel, allowing a low-privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. This can be achieved by sending specially crafted messages.

Recommendations

For Fortinet FortiClientWindows versions 6.4.0 through 6.4.10, update to a version that contains the fix for this issue.
For Fortinet FortiClientWindows versions 7.0.0 through 7.0.12, update to a version that contains the fix for this issue.
For Fortinet FortiClientWindows versions 7.2.0 through 7.2.4, update to a version that contains the fix for this issue.
For Fortinet FortiClientWindows version 7.4.0, update to a version that contains the fix for this issue.
As a temporary workaround, consider restricting access to the vulnerable named pipe messages until a patch is available.

Fix

Missing Authentication

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers

BDU:2025-00735
CVE-2024-47574

Affected Products

Forticlient