PSIRT Advisory
Unquoted Service Path exploit in FortiClient
Summary
An unquoted service path vulnerability in the FortiClient FortiTray component may allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
Impact
Escalation of privilege
Affected Products
FortiClient for Windows Versions 6.2.2 and below.
Solutions
Please upgrade to FortiClient for Windows version 6.2.3 or above.
Acknowledgement
Fortinet is pleased to thank Michael Wollner from Deutsche Telekom AG for reporting this vulnerability under responsible disclosure.