FortiClient NDIS Miniport Driver Null Pointer Dereference

Summary

There is a Null pointer dereference in the NDIS Miniport drivers in FortiClient on Windows, which may be leveraged by an unprivileged user to cause a Denial of Service (BSOD).

Affected Products

FortiClientWindows 6.0.2 and below.

Solutions

Upgrade to FortiClientWindows 6.0.3 or above.

Acknowledgement

Fortinet thanks Enrique Nissim, Senior Security Consultant at IOActive for reporting this vulnerability.