Arbitrary file deletion from unprivileged users
Summary
An incorrect authorization [CWE-863] vulnerability in FortiClient (Windows) may allow a local low-privileged attacker to perform arbitrary file deletion in the device filesystem.
Version | Affected | Solution |
---|---|---|
FortiClientWindows 7.2 | Not affected | Not Applicable |
FortiClientWindows 7.0 | 7.0.0 through 7.0.7 | Upgrade to 7.0.8 or above |
FortiClientWindows 6.4 | 6.4.0 through 6.4.8 | Upgrade to 6.4.9 or above |
FortiClientWindows 6.2 | 6.2 all versions | Migrate to a fixed release |
FortiClientWindows 6.0 | 6.0 all versions | Migrate to a fixed release |
Acknowledgement
Fortinet is pleased to thank Daniel Hulliger from Armasuisse CYD Campus for reporting this vulnerability under responsible disclosure.
Timeline
2023-10-10: Initial publication