PSIRT Advisory

Privilege escalation vulnerability in FortiClient for Linux

Summary

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

Impact

Privilege Escalation

Affected Products

FortiClient for Linux versions 6.2.7 and below. FortiClient for Linux versions 6.4.0 and below.

Solutions

Please upgrade to FortiClient for Linux versions 6.2.8 or above. Please upgrade to FortiClient for Linux versions 6.4.1 or above.

Acknowledgement

Fortinet is pleased to thank Marco Vaz for reporting this vulnerability under responsible disclosure.