PSIRT Advisories

FortiClient (Linux) - external access to confighandler webserver

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux may allow an unauthenticated attacker to access the confighandler webserver via external binaries.

Affected Products

FortiClient for Linux version 7.0.2 and below

FortiClient for Linux version 6.4.7 and below

FortiClient for Linux version 6.2.9 to 6.2.0

Solutions

Please upgrade to FortiClient for Linux version 7.0.3 or above.

Please upgrade to FortiClient for Linux version 6.4.8 or above.