PSIRT Advisory

FortiClient privilege escalation vulnerability

Summary

A low privileged user may be able to execute arbitrary code by exploiting a FortiClientNamedPipe vulnerability.

Description

A low privileged user may be able to execute arbitrary code by exploiting a FortiClientNamedPipe vulnerability.

Impact

Privilege escalation

Affected Products

FortiClientWindows 5.4.1, 5.4.2.

Solutions

Upgrade to FortiClient Windows: 5.4.3 or 5.6.0

Acknowledgement

Fortinet is pleased to thank Zhipeng Huo from Tencent Technology Company Limited for reporting this vulnerability under responsible disclosure.