{"id":3613,"date":"2017-12-22T14:53:58","date_gmt":"2017-12-22T13:53:58","guid":{"rendered":"http:\/\/securite.intrinsec.com\/?p=3613"},"modified":"2017-12-22T14:53:58","modified_gmt":"2017-12-22T13:53:58","slug":"cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon\/","title":{"rendered":"CVE-2017-7344 Fortinet FortiClient Windows privilege escalation at logon"},"content":{"rendered":"<h1>Summary<\/h1>\n<p><strong>Editor:<\/strong> Fortinet<\/p>\n<p><strong>Product:<\/strong> FortiClient<\/p>\n<p><strong>Title:<\/strong> Fortinet FortiClient Windows privilege escalation at logon<\/p>\n<p><strong>CVE ID:<\/strong> <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-7344\">CVE-2017-7344<\/a><\/p>\n<p><strong>Intrinsec ID:<\/strong>\u00a0ISEC-V2017-01<\/p>\n<p><strong>Risk level:<\/strong> high<\/p>\n<p><strong>Usable: <\/strong>Locally, or remotely if the logon screen is exposed (eg through RDP without NLA required). Requires non-default configuration on the client (\u00abEnable VPN before logon\u00bb). Requires an invalid certificate on the VPN endpoint side, or a MITM attacker presenting an invalid certificate (eg stolen laptop scenario).<\/p>\n<p><strong>Impact: <\/strong>Privilege escalation: from anonymous to SYSTEM, and Windows lock screen bypass<\/p>\n<h1>Description<\/h1>\n<p>This vulnerability affects the Fortinet FortiClient program. FortiClient is a client program used to connect to SSL\/IPsec VPN endpoints.<\/p>\n<p>A setting, disabled by default, enables FortiClient on the logon screen to allow users to connect to a VPN profile before logon. An attacker, with physical, or remote (eg through TSE, VNC\u2026), access to a machine with FortiClient and this feature enabled, can obtain SYSTEM level privileges from the lock screen. 
No account or prior knowledge is required.<\/p>\n<p>The vulnerability lies in the confirmation dialog shown when the server certificate is not valid (e.g. default self-signed certificate, or a Man-in-the-Middle situation with SSL\/TLS interception).<\/p>\n<h1>Versions affected<\/h1>\n<ul>\n<li>FortiClient Windows 5.6.0<\/li>\n<li>FortiClient Windows 5.4.3 and earlier<\/li>\n<\/ul>\n<h1>Solutions<\/h1>\n<p>Upgrade to FortiClient Windows 5.4.4 or 5.6.1.<\/p>\n<p>However, we tested the latest version and we discovered some bypasses of the fix under certain circumstances. We have shared our findings with Fortinet, who is working on a more complete fix. We do not intend to share more details until this issue is fixed.<\/p>\n<p>Enabling the \u00abDo not warn invalid server certificate\u00bb option would prevent this issue, but it is strongly discouraged since it allows silent Man-in-the-Middle attacks.<\/p>\n<p>Deploying a valid certificate on the VPN endpoint mitigates the issue in standard situations. However, an attacker in a MITM situation will present an invalid certificate to FortiClient regardless of the legitimate server certificate, so this is not sufficient to resolve the issue.<\/p>\n<h1>Credits<\/h1>\n<p>Vulnerability discovered by Cl\u00e9ment Notin \/ <a href=\"https:\/\/twitter.com\/cnotin\">@cnotin<\/a>.<\/p>\n<p>Vulnerability disclosed in coordination with the CERT-Intrinsec.<\/p>\n<h1>Exploitation details<\/h1>\n<h2>Setup<\/h2>\n<p>Windows 7 Professional x64, English. 
FortiClient, vulnerable version:<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-3649\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-1.png\" alt=\"\" width=\"504\" height=\"385\" \/> <img decoding=\"async\" class=\"aligncenter wp-image-3650\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-2.png\" alt=\"\" width=\"577\" height=\"396\" \/><\/p>\n<p>Create VPN connection in FortiClient with a FortiGate endpoint (or try with any domain having an invalid certificate, such as expired.badssl.com):<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-3651\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-3.png\" alt=\"\" width=\"455\" height=\"401\" \/><\/p>\n<p>Enable the \u201cVPN before logon\u201d setting in FortiClient:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3652\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-4.png\" alt=\"\" width=\"488\" height=\"414\" \/><\/p>\n<p>Log off. The computer is now in a vulnerable state.<\/p>\n<h2>Exploitation steps<\/h2>\n<p>On the logon screen, select the VPN profile and type any password for the user. 
If the certificate is invalid (default certificate on a legitimate FortiGate, MITM attack, usage of the IP address of the endpoint instead of the hostname\u2026), the confirmation dialog will appear when connecting. Click on \u201cView certificate\u201d:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3673 size-full\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-5.png\" alt=\"\" width=\"632\" height=\"589\" \/><\/p>\n<p>Go to the \u201cDetails\u201d tab, then click on \u201cCopy to file\u201d:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3654\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-6.png\" alt=\"\" width=\"538\" height=\"494\" \/><\/p>\n<p>Click \u201cNext\u201d until the screen with the \u201cBrowse\u201d button:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3655\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-7.png\" alt=\"\" width=\"532\" height=\"439\" \/><\/p>\n<p>Browse to \u201cC:\\Windows\\System32\u201d, type a wildcard \u201c*\u201d as the filename to show all files. 
Find cmd.exe, right-click it, then click \u201cOpen\u201d:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3656\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-8.png\" alt=\"\" width=\"638\" height=\"430\" \/><\/p>\n<p>You get a shell with SYSTEM privileges:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3657\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-9.png\" alt=\"\" width=\"1200\" height=\"694\" \/><\/p>\n<p>The attacker can create a local administrator user account and use it to log in:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3658\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-10.png\" alt=\"\" width=\"227\" height=\"370\" \/> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3659\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/12\/forticlient-CVE-2017-7344-11.png\" alt=\"\" width=\"346\" height=\"439\" \/><\/p>\n<h1>External references<\/h1>\n<p>Fortinet PSIRT Advisory: <a href=\"https:\/\/fortiguard.com\/psirt\/FG-IR-17-070\">FG-IR-17-070<\/a><\/p>\n<p>CERT-FR: <a href=\"https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2017-AVI-471\/\">CERTFR-2017-AVI-471<\/a><\/p>\n<p>SecurityFocus: <a href=\"http:\/\/www.securityfocus.com\/bid\/102176\">BID 102176<\/a><\/p>\n<p>MITRE: <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-7344\">CVE-2017-7344<\/a><\/p>\n<h1>History<\/h1>\n<ul>\n<li>2017-02-27: Vulnerability discovery, advisory sent to Fortinet, which acknowledges receipt.<\/li>\n<li>2017-03-15: Intrinsec asks for status update<\/li>\n<li>2017-05-04: Fortinet confirms the vulnerability, assigns CVE-2017-7344 and plans the fix for the future 5.6 version.<\/li>\n<li>2017-06-08: ETA for fixed versions set in June<\/li>\n<li>2017-07-05: Intrinsec asks for status 
update<\/li>\n<li>2017-07-11: Intrinsec discovers that FortiClient 5.6.0.1075, that was supposed to include the fix, is still vulnerable<\/li>\n<li>2017-08-25: Fortinet clarifies the purpose of the fix and confirms that it is incomplete. New ETA is set at the end of September for FortiClient 5.6.1.<\/li>\n<li>2017-12-07: Intrinsec asks for status update<\/li>\n<li>2017-12-11: Fortinet is finalizing the advisory and plans to publish it during the week<\/li>\n<li>2017-12-13: Fortinet publishes the advisory<\/li>\n<li>2017-12-13: Intrinsec advises against some proposed mitigations<\/li>\n<li>2017-12-13: Fortinet updates the advisory<\/li>\n<li>2017-12-18: Intrinsec finds bypasses of the published fix and shares the details with Fortinet<\/li>\n<li>2017-12-21: Fortinet confirms the bypasses<\/li>\n<li>2017-12-22: Intrinsec publishes its advisory with detailed explanations, with Fortinet&#039;s approval<\/li>\n<\/ul>\n<p><em>\u2014 Cl\u00e9ment Notin<\/em><\/p>","protected":false},"excerpt":{"rendered":"<p>Summary Editor: Fortinet Product: FortiClient Title: Fortinet FortiClient Windows privilege escalation at logon CVE ID: [\u2026]<\/p>","protected":false},"author":1,"featured_media":213321,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[154,155,156,157,158,159],"class_list":["post-3613","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-non-categorise","tag-advisory","tag-cve","tag-cve-2017-7344","tag-forticlient","tag-fortinet","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/3613","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=3613"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/3613\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=3613"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=3613"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=3613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}