PSIRT Advisories

FortiClientWindows & FortiClient EMS - Privilege escalation via DLL Hijacking

Summary

An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL hijack attack on affected devices via a malicious OpenSSL engine library placed in the search path.
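For administrators who want to confirm that no directory on a Windows application's DLL search path is writable by ordinary users (the precondition for the class of issue described above), the following PowerShell audit is an added example; it is not Fortinet's code and is not specific to FortiClient. It walks the default Windows DLL search order (application directory, System32, System, the Windows directory, the current directory, then each PATH entry) plus the OpenSSL engine directory override `OPENSSL_ENGINES` when that variable is set, and reports any directory that grants write rights to low-privilege principals. `$AppDir` is a placeholder to be pointed at the application's install directory; the list of low-privilege principals is an assumption you may need to extend for your environment.

```powershell
# Added example (not Fortinet's code): audit a Windows application's DLL search
# path for directories writable by non-administrative principals.
param(
    # Placeholder, not a Fortinet path: set to the application's install directory.
    [string]$AppDir = 'C:\Path\To\Application'
)

# Principals that should never hold write rights on a DLL search directory
# (assumed list; extend for custom groups in your environment).
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a principal drop or replace a DLL in the directory.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::CreateFiles

# Default Windows DLL search order (SafeDllSearchMode enabled).
$SearchDirs = @(
    $AppDir,
    "$env:SystemRoot\System32",
    "$env:SystemRoot\System",
    $env:SystemRoot,
    (Get-Location).Path
) + ($env:Path -split ';' | Where-Object { $_ -ne '' })

# OpenSSL honours OPENSSL_ENGINES as the directory from which engine libraries
# are loaded; include it when it is set in this session.
if ($env:OPENSSL_ENGINES) { $SearchDirs += $env:OPENSSL_ENGINES }

function Test-WeakDirectoryAcl {
    # Returns the first Allow ACE that grants write rights to a low-privilege
    # principal, or $null when the directory ACL looks sound.
    param([string]$Dir)
    $acl = Get-Acl -LiteralPath $Dir
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteMask) -ne 0) { return $ace }
    }
    return $null
}

foreach ($dir in ($SearchDirs | Select-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist is worth noting: if a low-privilege
        # user can create it, it becomes a writable search location.
        Write-Output ("MISSING  {0}" -f $dir)
        continue
    }
    $weak = Test-WeakDirectoryAcl -Dir $dir
    if ($weak) {
        Write-Output ("WEAK     {0}   {1} has {2}" -f $dir, $weak.IdentityReference, $weak.FileSystemRights)
    } else {
        Write-Output ("ok       {0}" -f $dir)
    }
}
```

Run it from an elevated prompt so that `Get-Acl` can read every directory; any line marked `WEAK` or `MISSING` is a directory to tighten (restrict the ACL to administrators and SYSTEM, or remove the stale PATH entry) independently of applying the vendor upgrade listed below.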

Affected Products

FortiClient 7.0.0
FortiClient 6.4.6 and below
FortiClient 6.2.x
FortiClient 6.0.x

FortiClient EMS 7.0.0
FortiClient EMS 6.4.6 and below
FortiClient EMS 6.2.x
FortiClient EMS 6.0.x

Solutions

Please upgrade to FortiClient 7.0.1 or above.

Please upgrade to FortiClient 6.4.7 or above.

Please upgrade to FortiClient EMS 7.0.1 or above.

Please upgrade to FortiClient EMS 6.4.7 or above.

Acknowledgement

Fortinet is pleased to thank independent researcher AmeenBasha M K, and Ammarit Thongthua and Sumedt Jitpukdebodin of the Secure D Research team, for reporting this vulnerability under responsible disclosure.