PSIRT Advisory

Multiple Vulnerabilities in FortiClient

Summary

FortiClient drivers expose IOCTLs that may allow an unprivileged user to gain system-level privileges.

Impact

Escalation of Privilege

Affected Products

FortiClient v5.2.3 and earlier.

Solutions

Upgrade to FortiClient v5.2.4.

Acknowledgement

Thanks to Enrique Nissim and Joaquín Rodríguez Varela from Core Security for responsibly disclosing these issues to Fortinet.