FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder

2023-06-1200:00:00

FortiGuard Labs

www.fortiguard.com

forticlient

forticonverter

windows

insecure installation folder

cwe-276

vulnerability

software

0.0004 Low

EPSS

Percentile

5.1%

JSON

An incorrect default permissions [CWE-276] vulnerability in FortiClient (Windows) and FortiConverter (Windows) may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConvreter is installed in an insecure folder.

CPENameOperatorVersion
forticonvertereq7.0.0
forticonvertereq6.2.1
forticonvertereq6.2.0
forticonvertereq6.0.3
forticonvertereq6.0.2
forticonvertereq6.0.1
forticonvertereq6.0.0
forticlientwindowseq7.0.6
forticlientwindowseq7.0.5
forticlientwindowseq7.0.4

Name	Operator	Version
forticonverter	eq	7.0.0
forticonverter	eq	6.2.1
forticonverter	eq	6.2.0
forticonverter	eq	6.0.3
forticonverter	eq	6.0.2
forticonverter	eq	6.0.1
forticonverter	eq	6.0.0
forticlientwindows	eq	7.0.6
forticlientwindows	eq	7.0.5
forticlientwindows	eq	7.0.4

Rows per page:

1-10 of 231

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for FG-IR-22-229