Pentera, the leader in Automated Security Validation, announced the discovery of a Zero-Day vulnerability by its Pentera Labs research team. Researchers uncovered a high severity CVE that can lead to the escalation to SYSTEM privileges, establishment of persistence within the system, and deletion of log entries.

Cyber Technology Insights: Fortinet Opens Innovation Hub in Atlanta, Expanding Reach

The vulnerability was reported to Fortinet by Security Researcher Nir Chako in March 2024 and responsibly disclosed to the Fortinet team. The vulnerability has been released now under CVE-2024-47574 with a patch. The CVE impacts all users of FortiClientWindows [version 7.4.0 and previous], as well as previous versions.

As the primary solution to secure remote connections, VPNs are among the most popular targets for threat actors. According to ZScaler’s 2023 VPN Risk Report, 45% of organizations confirmed experiencing at least one attack that exploited VPN vulnerabilities in the previous 12 months, with one in three becoming victim of VPN-related ransomware attacks.

CVE-2024-47574 is an improper access control vulnerability in FortiClient that allows an authenticated low-privileged threat actor direct access to tamper with the service configuration, alter some registry keys of the service and delete sensitive log files.

“This research is a textbook example of how Pentera is able to test and validate against the latest attack techniques. The Pentera Labs team is made up of the most experienced white hat hackers who research the entire enterprise IT attack surfaces and probe the security controls protecting top enterprises,” said Alex Spivakovsky, VP of Research at Pentera. “Our team consistently adds new attack vectors to our platform so that our customers are able to validate their security against the latest, most creative attacks threat actors are using today. Pentera Labs findings are fueling the engine that powers Pentera’s platform, ensuring that our security validation is the most robust in the market in terms of both breadth and depth.”

Cyber Technology Insights: Mirantis Simplifies Kubernetes, Secures Enterprise Apps

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com

Source – Prnewswire