Vulnerabilities > CVE-2017-7344 - Unspecified vulnerability in Fortinet Forticlient
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.
Vulnerable Configurations
References
- http://www.securityfocus.com/bid/102176
- http://www.securityfocus.com/bid/102176
- https://fortiguard.com/advisory/FG-IR-17-070
- https://fortiguard.com/advisory/FG-IR-17-070
- https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/
- https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/