| IR Number | FG-IR-21-238 |
| Date | Apr 5, 2022 |
| Severity |
High |
| CVSSv3 Score | 8 |
| Impact | Escalation of privilege |
| CVE ID | CVE-2021-44169 |
| Affected Products |
FortiClientWindows
:
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiClient (Windows) - privilege escalation in online installer due to incorrect working directory
Summary
An improper initialization [CWE-665] vulnerability in FortiClient (Windows) may allow a local attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.
Affected Products
FortiClient (Windows) version 6.4.7 and below
FortiClient (Windows) version 7.0.2 and below
FortiClient (Windows) 6.0 all versions
FortiClient (Windows) 6.2 all versions
Solutions
Upgrade to FortiClient (Windows) 7.0.3 or above
Upgrade to FortiClient (Windows) 6.4.8 or above