Source URL: https://www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/
Source: The Register
Title: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
Feedly Summary: Plus a bonus hard-coded local API key
A now-patched, high-severity bug in Fortinet’s FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher privileges from another user, execute code and possibly take over the box, and delete log files.…
AI Summary and Description: Yes
Summary: The text discusses a critical security vulnerability (CVE-2024-47574) in FortiClient VPN that allows privilege escalation and unauthorized code execution on Windows systems. A secondary vulnerability (CVE-2024-50564) has also been identified, affecting the ability to alter SYSTEM-level registry keys. Both vulnerabilities have been patched, emphasizing the importance of timely updates for security professionals.
Detailed Description:
The provided text details significant security vulnerabilities in Fortinet’s FortiClient VPN application, which underscore the risk associated with vulnerabilities in infrastructure security products:
– **CVE-2024-47574**:
– Severity: Rated 7.8 out of 10 on the CVSS scale, indicating high severity.
– Impact: Allows a low-privilege user or malware to elevate their privileges by executing unauthorized code when a higher-privileged user connects to the VPN, potentially leading to system takeover and log file deletion.
– Affected Versions: Includes several versions of FortiClient from 6.4.0 to 7.4.0.
– Mitigation: A patch has been released (FortiClient 7.4.1), urging users to upgrade immediately.
– **CVE-2024-50564**:
– Newly discovered flaw reported by Nir Chako from Pentera Labs, still awaiting broader public advisory but already fixed in the same patch.
– Impact: Allows alteration of SYSTEM-level registry keys that should not be accessible, posing additional risks.
– **Exploitation Techniques**:
– The text outlines that exploiting CVE-2024-47574 uses Windows named pipes leading to script execution under higher privileges, utilizing a process hollowing technique, which could facilitate malicious actions, including connecting to attacker-controlled servers.
– **Security Recommendations**:
– Immediate upgrade to the patched version (7.4.1) is strongly recommended to mitigate risks.
– The necessity for regular updates and vigilance in monitoring vulnerabilities in enterprise infrastructure products.
This incident highlights the critical importance of rigorous security practices and timely responses to patches for maintaining strong security postures in organizations using VPN technologies.