FortiClient (Windows) - privilege escalation in online installer due to incorrect working directory

2022-04-0500:00:00

FortiGuard Labs

www.fortiguard.com

0.0004 Low

EPSS

Percentile

12.8%

JSON

An improper initialization [CWE-665] vulnerability in FortiClient (Windows) may allow a local attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer’s directory.

CPENameOperatorVersion
forticlientwindowseq7.0.2
forticlientwindowseq7.0.1
forticlientwindowseq7.0.0
forticlientwindowseq6.4.7
forticlientwindowseq6.4.6
forticlientwindowseq6.4.5
forticlientwindowseq6.4.4
forticlientwindowseq6.4.3
forticlientwindowseq6.4.2
forticlientwindowseq6.4.1

Name	Operator	Version
forticlientwindows	eq	7.0.2
forticlientwindows	eq	7.0.1
forticlientwindows	eq	7.0.0
forticlientwindows	eq	6.4.7
forticlientwindows	eq	6.4.6
forticlientwindows	eq	6.4.5
forticlientwindows	eq	6.4.4
forticlientwindows	eq	6.4.3
forticlientwindows	eq	6.4.2
forticlientwindows	eq	6.4.1

Rows per page:

1-10 of 321

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for FG-IR-21-238