FortiClient (Windows) - Arbitrary file creation from unprivileged users due to process impersonation
Summary
An incorrect authorization [CWE-863] vulnerability in FortiClient (Windows) may allow a local low privileged attacker to perform arbitrary file creation in the device filesystem.
Affected Products
FortiClientWindows version 7.0.0 through 7.0.7
FortiClientWindows version 6.4.0 through 6.4.9
FortiClientWindows version 6.2.0 through 6.2.9
FortiClientWindows version 6.0.0 through 6.0.10
Solutions
Please upgrade to FortiClientWindows version 7.2.0 or abovePlease upgrade to FortiClientWindows version 7.0.8 or above