cvelist/2024/36xxx/CVE-2024-36513.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-36513",
        "ASSIGNER": "psirt@fortinet.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Escalation of privilege",
                        "cweId": "CWE-270"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Fortinet",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "FortiClientWindows",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.2.0",
                                            "version_value": "7.2.4"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.0.0",
                                            "version_value": "7.0.12"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "6.4.0",
                                            "version_value": "6.4.10"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-144",
                "refsource": "MISC",
                "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-144"
            }
        ]
    },
    "solution": [
        {
            "lang": "en",
            "value": "Please upgrade to FortiClientWindows version 7.4.0 or above \nPlease upgrade to FortiClientWindows version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.0.13 or above \nPlease upgrade to FortiClientWindows version 6.4.11 or above"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C"
            }
        ]
    }
}
"-Synchronized-Data." 2024-05-29 09:00:33 +00:00			`{`
"-Synchronized-Data." 2024-11-12 19:00:34 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-05-29 09:00:33 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-36513",`
"-Synchronized-Data." 2024-11-12 19:00:34 +00:00			`"ASSIGNER": "psirt@fortinet.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-05-29 09:00:33 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-11-12 19:00:34 +00:00			`"value": "A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Escalation of privilege",`
			`"cweId": "CWE-270"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Fortinet",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "FortiClientWindows",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.2.0",`
			`"version_value": "7.2.4"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.0.0",`
			`"version_value": "7.0.12"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_name": "6.4.0",`
			`"version_value": "6.4.10"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-144",`
			`"refsource": "MISC",`
			`"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-144"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"value": "Please upgrade to FortiClientWindows version 7.4.0 or above \nPlease upgrade to FortiClientWindows version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.0.13 or above \nPlease upgrade to FortiClientWindows version 6.4.11 or above"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"version": "3.1",`
			`"attackComplexity": "LOW",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.4,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "CHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C"`
"-Synchronized-Data." 2024-05-29 09:00:33 +00:00			`}`
			`]`
			`}`
			`}`