PSIRT

FortiClient privilege escalation vulnerability

Summary

A low privileged user may be able to execute arbitrary code by exploiting a FortiClientNamedPipe vulnerability.

Description

A low privileged user may be able to execute arbitrary code by exploiting a FortiClientNamedPipe vulnerability.

Affected Products

FortiClientWindows 5.4.1, 5.4.2.

Solutions

Upgrade to FortiClient Windows: 5.4.3 or 5.6.0

Acknowledgement

Fortinet is pleased to thank Zhipeng Huo from Tencent Technology Company Limited for reporting this vulnerability under responsible disclosure.

IR Number	FG-IR-16-095
Published Date	Oct 31, 2017
Severity	High
CVSSv3 Score	6.2
Impact	Escalation of privilege
CVE ID
Download	CVRF

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

PSIRT

FortiClient privilege escalation vulnerability

Summary

Description

Affected Products

Solutions

Acknowledgement

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

PSIRT

FortiClient privilege escalation vulnerability

Summary

Description

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center