CVE may affect millions of devices that utilize FortiClientWindows version 7.4.0 as well as previous versions, and requires immediate patching

Boston, Mass. November 14, 2024 – Pentera, the leader in Automated Security Validation, today announced the discovery of a zero-day vulnerability by its Pentera Labs research team. Researchers uncovered a high-severity CVE that can lead to escalation to SYSTEM privileges, establishment of persistence within the system, and deletion of log entries.

The vulnerability was reported to Fortinet by Security Researcher Nir Chako in March 2024 and responsibly disclosed to the Fortinet team. It has now been published as CVE-2024-47574, together with a patch. The CVE impacts all users of FortiClientWindows version 7.4.0 and previous versions. Pentera Labs has published a technical review of the vulnerability.

As the primary solution to secure remote connections, VPNs are among the most popular targets for threat actors. According to Zscaler’s 2023 VPN Risk Report, 45% of organizations confirmed experiencing at least one attack that exploited VPN vulnerabilities in the previous 12 months, with one in three falling victim to VPN-related ransomware attacks.

CVE-2024-47574 is an improper access control vulnerability in FortiClient that allows an authenticated low-privileged threat actor direct access to tamper with the service configuration, alter some registry keys of the service and delete sensitive log files.

“This research is a textbook example of how Pentera is able to test and validate against the latest attack techniques. The Pentera Labs team is made up of the most experienced white hat hackers who research the entire enterprise IT attack surfaces and probe the security controls protecting top enterprises,” said Alex Spivakovsky, VP of Research at Pentera. “Our team consistently adds new attack vectors to our platform so that our customers are able to validate their security against the latest, most creative attacks threat actors are using today. Pentera Labs findings are fueling the engine that powers Pentera’s platform, ensuring that our security validation is the most robust in the market in terms of both breadth and depth.”

Sign up for our upcoming webinar with Pentera Labs’ Researcher, Nir Chako, to learn more about the CVEs.

Updates and Mitigations

To remediate CVE-2024-47574, please visit Fortinet’s advisory site: https://www.fortiguard.com/psirt/FG-IR-24-199