FortiClient (Windows) - Privilege Escalation via directory traversal attack
Summary
A relative path traversal vulnerability [CWE-23] in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.
Version | Affected | Solution |
---|---|---|
FortiClientWindows 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above |
FortiClientWindows 6.4 | 6.4.0 through 6.4.6 | Upgrade to 6.4.7 or above |
FortiClientWindows 6.2 | 6.2 all versions | Migrate to a fixed release |