CVE-2024-36513

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

Published: Nov 12, 2024
Updated: May 4, 2025
CVE: CVE-2024-36513
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
fortinet / forticlient	6.4.0	6.4.10.x
fortinet / forticlient	7.2.0	7.2.5
fortinet / forticlient	7.0.0	7.0.13

https://fortiguard.fortinet.com/psirt/FG-IR-24-144

Vulnerability Database

289,599

CVE-2024-36513