PSIRT Advisories
FortiClient Linux - Command injection vulnerability
Summary
An OS command injection (CWE-78) vulnerability in FortiClient for Linux may allow an unauthenticated, network-adjacent attacker to execute privileged and arbitrary commands on the Linux appliance on which FortiClient is running by tricking the user into connecting to a network with a malicious name (SSID).
A successful attack requires that the attacker has control over the access point the host is connected to.
Affected Products
FortiClient for Linux versions 6.2.8 and below.
FortiClient for Linux versions 6.4.2 and below.
Solutions
Please upgrade to FortiClient for Linux version 6.2.9 or above.
Please upgrade to FortiClient for Linux version 6.4.3 or above.
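A version triage check for the ranges listed above, as an added example that is not part of the original advisory or Fortinet's own tooling. It assumes the advisory's ranges apply per release branch (6.2 and 6.4); the host names and version strings in the sample inventory are constructed, and versions on branches the advisory does not name are reported as "unlisted" for manual review instead of being guessed.

```python
import re

# First fixed release per branch, taken from the advisory's Solutions section.
FIXED = {(6, 2): (6, 2, 9), (6, 4): (6, 4, 3)}


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '6.4.2' or '6.4.2.0356'."""
    match = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return 'affected', 'fixed' or 'unlisted' for one FortiClient Linux version."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not named in the advisory: do not guess, flag for review.
        return "unlisted"
    # Tuple comparison is numeric, so 6.4.10 sorts after 6.4.3.
    return "fixed" if version >= fixed else "affected"


def triage(inventory):
    """Map each host to a status; unparseable versions become 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed sample inventory (host -> reported FortiClient version).
SAMPLE_INVENTORY = {
    "laptop-01": "6.2.8",
    "laptop-02": "6.4.2.0356",
    "laptop-03": "6.4.10",
    "laptop-04": "7.0.0",
    "laptop-05": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Feed it the version strings your package manager or endpoint inventory reports; hosts marked "affected" need the upgrade listed under Solutions.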