CVE-2024-36513 Vulnerability Analysis & Exploit Details

CVE-2024-36513 Vulnerability Summary

CVE-2024-36513: A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 0.043% (probability of exploit)

EPSS Percentile: 12.0% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 88.0% of others.

CVE-2024-36513 References

External References

• https://fortiguard.fortinet.com/psirt/FG-IR-24-144

CWE Common Weakness Enumeration

CAPEC Common Attack Pattern Enumeration and Classification

• Using Malicious Files CAPEC-17 An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
• Hijacking a Privileged Thread of Execution CAPEC-30 An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.
• Leverage Executable Code in Non-Executable Files CAPEC-35 An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

Vulnerable Configurations

• cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.1:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.1:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.1:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.1:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.1:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.1:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.2:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.2:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.2:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.2:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.2:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.2:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.2:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.2:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.3:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.3:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.3:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.3:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.3:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.3:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.3:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.3:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.4:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.4:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.4:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.4:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.4:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.4:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.4:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.4:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.5:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.5:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.5:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.5:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.6:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.6:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.6:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.6:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.7:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.7:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.7:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.7:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.9:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.9:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:6.4.10:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:6.4.10:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.1:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.1:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.1:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.1:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.1:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.1:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.1:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.1:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.2:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.2:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.2:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.2:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.3:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.3:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.3:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.3:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.3:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.3:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.4:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.4:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.4:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.4:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.4:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.4:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.5:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.5:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.5:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.5:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.5:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.5:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.6:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.6:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.6:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.6:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.7:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.7:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.7:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.7:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.8:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.8:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.8:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.8:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.8:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.8:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.9:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.9:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.9:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.9:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.11:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.11:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.11:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.11:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.11:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.11:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.12:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.12:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.12:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.12:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.0.12:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.0.12:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.2:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.2:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.2:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.2:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.3:*:*:*:*:windows:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.3:*:*:*:*:windows:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.3:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.3:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.4:*:*:*:*:macos:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.4:*:*:*:*:macos:*:*
• cpe:2.3:a:fortinet:forticlient:7.2.4:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:fortinet:forticlient:7.2.4:*:*:*:*:iphone_os:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2025-3284 – The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Reques...
• CVE-2025-3278 – The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugi...
• CVE-2025-2010 – The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_re...
• CVE-2025-43903 – NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
• CVE-2025-3796 – A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admi...