CVE-2024-47574: 
FortiClient vulnerability analysis and mitigation

A critical authentication bypass vulnerability (CVE-2024-47574) was discovered in Fortinet FortiClient Windows. The vulnerability affects multiple versions including 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0. This security flaw was reported by Nir Chako from Pentera under responsible disclosure and was initially published on November 12, 2024 (Fortinet Advisory, NVD).

The vulnerability is classified as an authentication bypass using an alternate path or channel (CWE-288) that allows a low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. The severity is rated as HIGH with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

If exploited, this vulnerability allows low-privileged attackers to execute arbitrary code with high privileges on affected systems. The vulnerability affects the core functionality of FortiClient Windows, potentially compromising the security of the entire system (Fortinet Advisory).

Fortinet has released patches for affected versions and recommends users to upgrade to the following fixed versions: FortiClientWindows 7.4 users should upgrade to 7.4.1 or above, FortiClientWindows 7.2 users should upgrade to 7.2.5 or above, FortiClientWindows 7.0 users should upgrade to 7.0.13 or above, and FortiClientWindows 6.4 users should migrate to a fixed release (Fortinet Advisory).