Description
A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Physical
RL
X
RC
Required
Affected products
- fortinet / forticlientwindows7.0.0 – 7.0.7
- fortinet / forticlientwindows6.4.0 – 6.4.10
- fortinet / forticlientwindows6.2.0 – 6.2.9
- fortinet / forticlientwindows6.0.0 – 6.0.10
References
- VENDOR_ADVISORYhttps://fortiguard.com/psirt/FG-IR-22-320