mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
99 lines
3.6 KiB
JSON
99 lines
3.6 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-36513",
|
|
"ASSIGNER": "psirt@fortinet.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Escalation of privilege",
|
|
"cweId": "CWE-270"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Fortinet",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "FortiClientWindows",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "7.2.0",
|
|
"version_value": "7.2.4"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "7.0.0",
|
|
"version_value": "7.0.12"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.4.0",
|
|
"version_value": "6.4.10"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-144",
|
|
"refsource": "MISC",
|
|
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-144"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Please upgrade to FortiClientWindows version 7.4.0 or above \nPlease upgrade to FortiClientWindows version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.0.13 or above \nPlease upgrade to FortiClientWindows version 6.4.11 or above"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "LOCAL",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.4,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C"
|
|
}
|
|
]
|
|
}
|
|
} |