PSIRT Advisories
FortiClient (Windows) - Improper write access over FortiClient pipe object
Summary
Multiple vulnerabilities in FortiClientWindows, including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability, may allow an attacker on the same file sharing network to execute commands by writing data into a Windows pipe.
Affected Products
FortiClientWindows version 7.0.0 through 7.0.7
FortiClientWindows version 6.4 all versions
FortiClientWindows version 6.2 all versions
FortiClientWindows version 6.0 all versions
Solutions
Please upgrade to FortiClientWindows version 7.2.0 or above
Please upgrade to FortiClientWindows version 7.0.8 or above