CVE-2024-40586

Name of the Vulnerable Software and Affected Versions: FortiClient versions 7.4.0 through 7.0.13 and earlier

Description: The issue is related to improper access control, which may allow a local user to escalate their privileges via the FortiSSLVPNd service pipe. This could potentially be exploited by an attacker to gain elevated access.

Recommendations: For FortiClient versions 7.4.0 and earlier, consider restricting access to the FortiSSLVPNd service pipe as a temporary workaround until a patch is available. For versions 7.2.6 and below, as well as version 7.0.13 and below, apply the same restriction to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.