Pentera Labs uncovered two Fortinet FortiClient vulnerabilities. CVE-2024-47574 allows low-privileged users to tamper with service configurations, registry keys, and logs through insecure named pipes, escalating privileges via process hollowing. The second flaw exposes a plaintext encryption key in FortiClient executables, enabling decryption of sensitive data. Exploits include redirecting VPN traffic to rogue servers to steal credentials, using malicious connect/disconnect scripts for persistence, and altering registry values. Both issues were responsibly disclosed, and Fortinet patched them in version 7.4.1. Researchers stress secure software design and limiting low-privilege access to SYSTEM services.

Join for free to read