Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

November 14, 2024 at 05:30PM

A critical vulnerability (CVE-2024-47574) in Fortinet’s FortiClient VPN could allow unauthorized code execution and privilege escalation on Windows systems. Patched in version 7.4.1, it carries a CVSS rating of 7.8. A second flaw (CVE-2024-50564) allows altering SYSTEM-level registry keys. Neither vulnerability has been exploited in the wild.

**Meeting Takeaways:**

1. **High-Severity Vulnerability Identified:** A critical bug (CVE-2024-47574) in Fortinet’s FortiClient VPN has been discovered, allowing low-privilege users or malware on a vulnerable Windows system to escalate privileges and execute code.

2. **Severity Rating:** The vulnerability has a CVSS severity rating of 7.8 out of 10, affecting several versions of FortiClient (6.4.0 to 7.4.0). A patch has been released.

3. **Patch Availability:** Users are advised to upgrade to FortiClient version 7.4.1, which addresses both the CVE-2024-47574 vulnerability and a second oversight (CVE-2024-50564) that allows altering SYSTEM-level registry keys.
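As an added defender-side check (not code from the article or from Fortinet), the following PowerShell script inventories FortiClient installations on a Windows host and flags any version inside the range the article reports as affected (6.4.0 through 7.4.0), with 7.4.1 as the fixed release. The DisplayName pattern `FortiClient*` is an assumption about how the product registers itself in the Uninstall keys; confirm the exact affected builds against Fortinet's advisory once it is published.

```powershell
# Added example, not the article's or Fortinet's own code.
# Range below is the one the article states: 6.4.0 .. 7.4.0 affected, 7.4.1 fixed.
$affectedMin = [version]'6.4.0'
$affectedMax = [version]'7.4.0'
$fixed       = [version]'7.4.1'

# Standard Uninstall keys (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: the product registers with a DisplayName beginning "FortiClient".
$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'FortiClient*' -and $_.DisplayVersion }

if (-not $installs) {
    Write-Output 'No FortiClient installation found in the Uninstall registry keys.'
    return
}

foreach ($app in $installs) {
    $raw = $null
    if (-not [version]::TryParse($app.DisplayVersion, [ref]$raw)) {
        Write-Output ("{0}: could not parse version '{1}'; check manually" -f `
            $app.DisplayName, $app.DisplayVersion)
        continue
    }
    # Compare on major.minor.build only, so a 4-part build string such as
    # 7.4.0.NNNN still lands inside the 7.4.0 range rather than between 7.4.0 and 7.4.1.
    $ver = [version]::new($raw.Major, $raw.Minor, [Math]::Max($raw.Build, 0))

    if ($ver -ge $affectedMin -and $ver -le $affectedMax) {
        $status = 'AFFECTED (CVE-2024-47574 / CVE-2024-50564): upgrade to {0} or later' -f $fixed
    } elseif ($ver -ge $fixed) {
        $status = 'patched'
    } else {
        $status = 'outside the range the article lists; confirm against the Fortinet advisory'
    }
    Write-Output ('{0} {1}: {2}' -f $app.DisplayName, $ver, $status)
}
```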

4. **Discovery and Reporting:** The vulnerabilities were identified by Nir Chako from Pentera Labs and reported to Fortinet. Although the first vulnerability was patched, the second oversight lacks a formal security alert as of now.

5. **Expected Advisory Release:** Fortinet plans to publish a security advisory regarding these vulnerabilities on December 10 Patch Tuesday.

6. **Exploitation Details:** Exploiting CVE-2024-47574 involves using Windows named pipes for privilege escalation through process hollowing, potentially leading to unauthorized code execution and log file deletion.

7. **Potential Combined Risks:** If both vulnerabilities are exploited together, attackers could manipulate SYSTEM-level registry values and compromise system integrity.

8. **Current Status:** Neither vulnerability appears to have been exploited in the wild, and Fortinet has not yet responded to inquiries about this issue. Continuous updates will be provided as new information becomes available.
