CVE-2017-7344

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
fortinetCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
fortinetforticlient
𝑥
≤ 5.4.3
fortinetforticlient
5.6.0
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/102176
https://fortiguard.com/advisory/FG-IR-17-070
https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/
http://www.securityfocus.com/bid/102176
https://fortiguard.com/advisory/FG-IR-17-070
https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/