FortiClientWindows & FortiClient EMS - Privilege escalation via DLL Hijacking

Summary

An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.

Affected Products

FortiClient 7.0.0
FortiClient 6.4.6 and below
FortiClient 6.2 all versions
FortiClient 6.0 all versions

FortiClient EMS 7.0.0
FortiClient EMS 6.4.6 and below
FortiClient EMS 6.2 all versions
FortiClient EMS 6.0 all versions

Solutions

Please upgrade to FortiClient 7.0.1 or above.
Please upgrade to FortiClient 6.4.7 or above.
Please upgrade to FortiClient EMS 7.0.1 or above.
Please upgrade to FortiClient EMS 6.4.7 or above.

Acknowledgement

Fortinet is pleased to thank independent researcher AmeenBasha M K, and Ammarit Thongthua and Sumedt Jitpukdebodin of the Secure D Research team, for reporting this vulnerability under responsible disclosure.