FortiClient (Windows) - Denial of service due to folder access permission change

Summary

An improper control of a resource through its lifetime [CWE-664] vulnerability in FortiClient (Windows) may allow a privileged attacker to make the whole application unresponsive via changing its root directory access permission.

Affected Products

FortiClient (Windows) version 6.0.10 and below
FortiClient (Windows) version 6.2.9 and below
FortiClient (Windows) version 6.4.1 and 6.4.0

Solutions

Upgrade to FortiClient (Windows) version 6.4.2 or above.

Upgrade to FortiClient (Windows) version 7.0.0 or above.

Acknowledgement

Fortinet is pleased to thank Mike de Almeida for reporting this vulnerability under responsible disclosure