Unquoted Service Path Exploit observed in FortiSIEMWindowsAgent
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.
FortiSIEMWindowsAgent version 3.1.2 and below.
Please upgrade to FortiSIEMWindowsAgent version 3.2.0 or above.
Fortinet is pleased to thank Huw Pigott from Shearwater, a CyberCX company, for reporting this vulnerability under responsible disclosure.