Command injection vulnerability in FortiClient for Mac OS


An Improper Neutralization of Special Elements used in a Command vulnerability in one of the FortiClient for Mac OS root processes may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.

Affected Products

FortiClient for Mac OS version 6.2.1 and below.


Please upgrade to FortiClient for Mac OS version 6.2.2 or above.


Fortinet is very pleased to thank Lasse Trolle Borup of Danish Cyber Defence for bringing this issue to our attention under responsible disclosure.