Vulnerability CVE-2017-7344


Published: 2017-12-14

Description:
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Fortinet -> Forticlient 

 References:
http://www.securityfocus.com/bid/102176
https://fortiguard.com/advisory/FG-IR-17-070
https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/

Copyright 2020, cxsecurity.com

 

Back to Top