FortiClient (Windows) – privilege escalation in online installer due to incorrect working directory
Summary
An improper initialization [CWE-665] vulnerability in FortiClient (Windows) may allow a local attacker to gain administrative privileges by placing a malicious executable inside the FortiClient installer’s directory.
Affected Products
FortiClient (Windows) version 6.0.10 and below
FortiClient (Windows) version 6.2.9 and below
FortiClient (Windows) version 6.4.7 and below
FortiClient (Windows) version 7.0.2 and below
Solutions
Upgrade to FortiClient (Windows) 7.0.3 or above
Upgrade to FortiClient (Windows) 6.4.8 or above
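A pre-flight check an administrator can run before launching any installer elevated, written for this page as an added example and not taken from Fortinet: it reports executable files sitting beside the installer and directory ACL entries that let principals other than SYSTEM or Administrators create files there. The function name, the extension list and the sample path are assumptions; the advisory does not name the planted file.

```powershell
# Added example, not Fortinet code. Function name, extension list and the
# sample path at the bottom are assumptions made for illustration.
function Test-InstallerDirectory {
    param([Parameter(Mandatory)][string]$InstallerPath)

    $installer = Get-Item -LiteralPath $InstallerPath
    $dir       = $installer.Directory.FullName
    $findings  = [System.Collections.Generic.List[string]]::new()

    # 1. Executable content beside the installer (assumed extension list).
    $risky = '.exe', '.dll', '.msi', '.bat', '.cmd', '.ps1'
    Get-ChildItem -LiteralPath $dir -File -Force |
        Where-Object {
            $_.FullName -ne $installer.FullName -and
            $risky -contains $_.Extension.ToLowerInvariant()
        } |
        ForEach-Object { $findings.Add("Executable file beside installer: $($_.Name)") }

    # 2. Allow ACEs that let anyone except SYSTEM / Administrators create files here.
    $trusted = 'S-1-5-18', 'S-1-5-32-544'
    $rights  = [System.Security.AccessControl.FileSystemRights]
    $write   = [int]($rights::WriteData -bor $rights::AppendData)
    $generic = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, stored raw in some ACEs
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    $acl   = Get-Acl -LiteralPath $dir
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the directory itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }

        $sid  = $ace.IdentityReference.Value
        $mask = [int]$ace.FileSystemRights
        if ($trusted -notcontains $sid -and ($mask -band ($write -bor $generic)) -ne 0) {
            $findings.Add("Directory writable by $sid")
        }
    }
    return $findings
}

# Usage (constructed path): an empty result means neither condition was found.
# Test-InstallerDirectory -InstallerPath 'C:\Staging\installer.exe'
```

A directory such as a user's Downloads folder will normally be reported as writable by that user's SID; copying the installer to a newly created directory that only Administrators can write to clears both findings.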
Acknowledgement
Fortinet is pleased to thank JaeHeng Yoon of JENBlack Soft for reporting this vulnerability under responsible disclosure.
via FortiGuard Labs | FortiGuard Center – IR Advisories https://ift.tt/g3EQHAL
April 8, 2022 at 05:23PM