| IR Number | FG-IR-22-336 |
| Date | Apr 11, 2023 |
| Severity |
High |
| CVSSv3 Score | 7.1 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2022-40682 |
| Affected Products |
FortiClientWindows
:
7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiClient (Windows) - Arbitrary file creation from unprivileged users due to process impersonation
Summary
An incorrect authorization [CWE-863] vulnerability in FortiClient (Windows) may allow a local low privileged attacker to perform arbitrary file creation in the device filesystem.
Affected Products
FortiClientWindows version 7.0.0 through 7.0.7
FortiClientWindows version 6.4.0 through 6.4.9
FortiClientWindows version 6.2.0 through 6.2.9
FortiClientWindows version 6.0.0 through 6.0.10
Solutions
Please upgrade to FortiClientWindows version 7.2.0 or abovePlease upgrade to FortiClientWindows version 7.0.8 or above