FortiClient Linux - Command injection vulnerability
An OS command injection (CWE-78)Â vulnerability in FortiClient for Linux may allow an unauthenticated, network-adjacent attacker to execute privileged and arbitrary commands on the Linux appliance on which FortiClient is running byÂ tricking the user into connecting to a network with a malicious name (SSID).
A successful attack requires that the attacker hasÂ control over the access point the host is connected to.Â
FortiClient for Linux versions 6.2.8 and below.
FortiClient for Linux versions 6.4.2 and below.
Please upgrade to FortiClient for Linux version 6.2.9 or above.
Please upgrade to FortiClient for Linux version 6.4.3 or above.