CVE-2024-40586
PUBLISHED
A vulnerability exists in Fortinet FortiClient for Windows. It is caused by improper access control. A local attacker can exploit this vulnerability to escalate privileges via the FortiSSLVPNd service pipe.
Risk Scores
EPSS Score: 0.02% (4.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortinet FortiClient Windows | <7.4.1 |
| Fortinet | Fortinet FortiClient Windows | <7.2.7 |
| Fortinet | Fortinet FortiClient Windows | <7.0.14 |
Exploit Intelligence
- Hagrid29/CVE-2024-40586-Windows-Coerced-Authentication-in-FortiClient (github-poc-repo)
- Hagrid29/CVE-2024-40586-Windows-Coerced-Authentication-in-FortiClient (github-poc)
…and 7 more exploits
Timeline
- Feb 11, 2025 Coalition ESS Score
- Feb 11, 2025 CVE Published
- Feb 11, 2025 PoC Published
- Feb 12, 2025 EPSS Score
- Feb 12, 2025 CVE Updated
- Feb 27, 2025 EPSS Score
- Mar 13, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Apr 11, 2025 EPSS Score
- Apr 26, 2025 EPSS Score