PT-2024-27041 · Fortinet · Forticlientwindows

Published: 2024-11-12 · Updated: 2025-01-12 · CVE-2024-36513

CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiClient Windows versions 7.2.4 and below
FortiClient Windows version 7.0.12 and below
FortiClient Windows version 6.4

Description

A privilege context switching error vulnerability in FortiClient Windows may allow an authenticated user to escalate their privileges via Lua auto patch scripts. This issue is related to errors in switching the context of privileges.

Recommendations

For FortiClient Windows versions 7.2.4 and below, update to a version above 7.2.4 to resolve the issue.
For FortiClient Windows version 7.0.12 and below, update to a version above 7.0.12 to resolve the issue.
For FortiClient Windows version 6.4, consider upgrading to a newer version to mitigate the risk of exploitation, as all versions of 6.4 are affected.
As a temporary workaround, consider restricting access to Lua auto patch scripts until a patch is available.

Related Identifiers

BDU:2025-01171
CVE-2024-36513

Affected Products

Forticlientwindows