Ethical Hacking News
A critical vulnerability has been discovered in Fortinet's FortiClient VPN application, which could potentially allow a low-privilege rogue user or malware to gain higher privileges from another user, execute code and possibly take over the box. The bug, tracked as CVE-2024-47574, earned a 7.8 out of 10 CVSS severity rating.
A high-severity vulnerability (CVE-2024-47574) has been discovered in Fortinet's FortiClient VPN application. The bug allows a low-privilege rogue user or malware to gain higher privileges, execute code, and potentially take over the system. The vulnerability affects FortiClient Windows versions 7.4.0 to 7.0.0 and 6.4.10 to 6.4.0. The bug has not been exploited in the wild but can be used for process hollowing, deleting log files, and editing system registry values. Fortinet has patched the vulnerability in FortiClient 7.4.1, which users should install as soon as possible.
The latest security alert from Pentera Labs has brought to light a high-severity vulnerability in Fortinet's FortiClient VPN application, which could potentially allow a low-privilege rogue user or malware on a vulnerable Windows system to gain higher privileges from another user, execute code, delete log files and possibly take over the box. The bug is tracked as CVE-2024-47574, and it earned a 7.8 out of 10 CVSS severity rating.
This vulnerability affects FortiClientWindows version 7.4.0, 7.2.4 through 7.2.0, 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0. It is worth noting that neither this flaw nor a second, related flaw (CVE-2024-50564) appears to have been exploited in the wild. Fortinet did not immediately respond to The Register's inquiries.
According to Pentera Labs' bug hunter Nir Chako, who found and reported this flaw to Fortinet, the vulnerability involves using Windows named pipes with the FortiClient software to ultimately plant a script so that when a higher-privileged user next uses the VPN, that script is run with their privileges. This technique, known as process hollowing, allows a low-privilege rogue user or malware to gain elevated access to the system.
Moreover, Chako stated that this vulnerability could also be abused to delete log files and make a user connect to an attacker-controlled server. In addition, when combined with the second vulnerability, CVE-2024-50564, a miscreant would be "able to edit SYSTEM level registry values within the HKLM registry hive."
Fortinet has not yet issued a security alert about CVE-2024-50564. However, it has also been fixed in the latest version, FortiClient 7.4.1.
According to Chako, "From a security perspective, after testing version 7.4.1, we were able to validate that the patch prevented us from executing the techniques." This suggests that the vulnerability has been effectively patched by Fortinet, and users are advised to upgrade to the latest version of FortiClient as soon as possible.
In conclusion, this high-severity vulnerability in Fortinet's FortiClient VPN application highlights the importance of regular software updates and security patches. Users who have not yet updated their systems are strongly advised to do so immediately to prevent potential exploitation by malicious actors.
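To find hosts still running a listed release, the affected ranges and the fixed version given above can be turned into an inventory check. The Python below is an added example, not code from Fortinet or Pentera Labs; the hostnames, version strings and the `(host, version)` inventory format are constructed, and releases the article does not mention are reported as `not-listed` rather than assumed safe.

```python
import re

# Affected FortiClientWindows ranges as listed in the article (inclusive).
AFFECTED = [
    ((7, 4, 0), (7, 4, 0)),
    ((7, 2, 0), (7, 2, 4)),
    ((7, 0, 0), (7, 0, 12)),
    ((6, 4, 0), (6, 4, 10)),
]
FIXED = (7, 4, 1)  # release the article names as patched


def parse_version(text):
    """Return (major, minor, patch) or None; a trailing build number is ignored."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Classify one version string as affected / fixed / not-listed / unparsed."""
    v = parse_version(text)
    if v is None:
        return "unparsed"  # needs manual review, never treated as safe
    if any(lo <= v <= hi for lo, hi in AFFECTED):
        return "affected"
    if v >= FIXED:
        return "fixed"
    return "not-listed"  # the article says nothing about this release


def triage(inventory):
    """Map classification -> sorted hostnames for (host, version) pairs."""
    report = {}
    for host, version in inventory:
        report.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "7.4.0"), ("ws-002", "7.2.4.0972"), ("ws-003", "7.4.1"),
    ("ws-004", "7.2.5"), ("ws-005", "6.4.10"), ("ws-006", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```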
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/
https://nvd.nist.gov/vuln/detail/CVE-2024-47574
https://www.cvedetails.com/cve/CVE-2024-47574/
https://nvd.nist.gov/vuln/detail/CVE-2024-50564
https://www.cvedetails.com/cve/CVE-2024-50564/
Published: Thu Nov 14 17:37:47 2024 by llama3.2 3B Q4_K_M