CVE-2024-47574

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: Nov 13, 2024 / Updated: 6d ago

CVSS 7.8 | EPSS 0.04% | High

An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low-privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-47574

Nov 13, 2024 at 12:15 PM
CVSS

A CVSS base score of 7.8 has been assigned.

Nov 13, 2024 at 12:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-47574. See article

Nov 13, 2024 at 12:25 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 13, 2024 at 12:26 PM
Threat Intelligence Report

CVE-2024-47574 is a vulnerability related to improper access control in Named Pipes, which could potentially allow unauthorized access to sensitive data or system resources. The criticality of this vulnerability is underscored by its potential impact, although specific details such as CVSS score, exploitation in the wild, proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors are not provided in the available information. Further investigation is necessary to assess the full scope and implications of this vulnerability. See article

Nov 13, 2024 at 12:59 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (210873)

Nov 13, 2024 at 2:15 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.1%)

Nov 14, 2024 at 2:05 PM
Exploitation in the Wild

Attacks in the wild have been reported by The Register - Security: Patches. See article

Nov 14, 2024 at 10:23 PM / The Register - Security: Patches
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (382379)

Nov 19, 2024 at 7:53 AM
Affected Systems

Fortinet

Links to MITRE ATT&CK

T1083: File and Directory Discovery

Attack Patterns

CAPEC-127: Directory Indexing

References

Two new zero-day vulnerabilities uncovered in FortiClient VPN - Pentera
CVE-2024-47574 – An improper access control vulnerability in FortiClient allows an authenticated low-privileged threat actor direct access to tamper with the service configuration, alter some registry keys of the service and delete sensitive log files. In this research, we took a look at the way FortiClient VPN uses named pipes in Windows to communicate with other Fortinet-related services, which led us to the discovery of two vulnerabilities that enabled us to gain access to the API of privileged Fortinet services and to gain LPE (Local Privilege Escalation).
Two new zero-day vulnerabilities uncovered in FortiClient VPN
In this research, we took a look at the way FortiClient VPN uses named pipes in Windows to communicate with other Fortinet-related services, which led us to the discovery of two vulnerabilities that enabled us to gain access to the API of privileged Fortinet services and to gain LPE (Local Privilege Escalation). CVE-2024-47574 – An improper access control vulnerability in FortiClient allows an authenticated low-privileged threat actor direct access to tamper with the service configuration, alter some registry keys of the service and delete sensitive log files.
Fortinet Patches Critical Flaws That Affected Multiple Products
Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple products, including FortiAnalyzer, FortiClient, FortiManager, and FortiOS. These vulnerabilities could allow attackers to perform unauthorized operations, escalate privileges, or hijack user sessions.

News

Weekly Threat Landscape Digest – Week 47
From sophisticated zero-day exploits to novel malware campaigns, this week’s Hawkeye Security Advisory brings you actionable insights into the latest threats and how to mitigate them. The BrazenBamboo APT group is actively exploiting an unpatched zero-day vulnerability in Fortinet’s FortiClient VPN software for Windows.
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)
It May Be Iranian Hackers: The Iranian threat actor known as TA455 is targeting LinkedIn users with enticing job offers intended to trick them into running a Windows-based malware named SnailResin. New Trends in Ransomware: A financially-motivated threat actor known as Lunar Spider has been linked to a malvertising campaign targeting financial services that employs SEO poisoning to deliver the Latrodectus malware, which, in turn, is used to deploy the Brute Ratel C4 (BRc4) post-exploitation framework.
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 – Nov 17)
New Trends in Ransomware: A financially-motivated threat actor known as Lunar Spider has been linked to a malvertising campaign targeting financial services that employs SEO poisoning to deliver the Latrodectus malware, which, in turn, is used to deploy the Brute Ratel C4 (BRc4) post-exploitation framework. It May Be Iranian Hackers: The Iranian threat actor known as TA455 is targeting LinkedIn users with enticing job offers intended to trick them into running a Windows-based malware named SnailResin.
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware
New Trends in Ransomware: A financially-motivated threat actor known as Lunar Spider has been linked to a malvertising campaign targeting financial services that employs SEO poisoning to deliver the Latrodectus malware, which, in turn, is used to deploy the Brute Ratel C4 (BRc4) post-exploitation framework. It May Be Iranian Hackers: The Iranian threat actor known as TA455 is targeting LinkedIn users with enticing job offers intended to trick them into running a Windows-based malware named SnailResin.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
