FortiClient (Windows) - Privilege Escalation via directory traversal attack

Summary

A relative path traversal vulnerability [CWE-23] in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.

Version                  Affected               Solution
FortiClientWindows 7.0   7.0.0 through 7.0.2    Upgrade to 7.0.3 or above
FortiClientWindows 6.4   6.4.0 through 6.4.6    Upgrade to 6.4.7 or above
FortiClientWindows 6.2   6.2 all versions       Migrate to a fixed release

Acknowledgement

Fortinet is pleased to thank Daniel Hulliger of Armasuisse - CYD Campus for reporting this vulnerability under responsible disclosure.