Vulnerability Description
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Forticlient | <= 5.4.3 |
References
- http://www.securityfocus.com/bid/102176Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-070Vendor Advisory
- https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-winExploitMitigationThird Party Advisory
- http://www.securityfocus.com/bid/102176Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-070Vendor Advisory
- https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-winExploitMitigationThird Party Advisory
FAQ
What is CVE-2017-7344?
CVE-2017-7344 is a vulnerability with a CVSS score of 8.1 (HIGH). A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when t...
How severe is CVE-2017-7344?
CVE-2017-7344 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7344?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Forticlient.