Cyber Resilience

CVE-2024-36513

High

Published: 12 November 2024

Modified: 14 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0017 (37.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-36513 is a high-severity Privilege Context Switching Error (CWE-270) vulnerability in Fortinet FortiClient. Its CVSS base score is 8.2 (High).

Operationally, it is ranked at the 37.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: fortinet
Product: forticlient
6.4.0 — 6.4.10 · 7.0.0 — 7.0.13 · 7.2.0 — 7.2.5

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.