virus logo Endpoint Vulnerability

FortiClient CVE-2024-3661 Access Control Bypass Vulnerability

description-logoDescription

DHCP's classless static route option 121 can inject routes into a client's routing table, causing VPNs to leak traffic over the physical interface, letting local attackers read, disrupt, or modify traffic intended for the VPN. Affected: FortiClient, Cisco AnyConnect, Palo Alto GlobalProtect, Citrix Secure Access Client.

affected-products-logoAffected Applications

FortiClient

Version Updates

Date Version Status Detail
2024-11-14 1.00772
New
 FortiClient

References

https://www.fortiguard.com/psirt/FG-IR-24-170
ID 5840
Created Apr 05, 2026
Description
Updated		 Apr 05, 2026
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Fortinet
Patch manual
Application FortiClient