Improper write access over FortiClient pipe object


Multiple vulnerabilities, including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability, in FortiClientWindows may allow an attacker on the same file sharing network to execute commands by writing data into a Windows pipe.

Affected Products

FortiClientWindows version 7.2.0
FortiClientWindows version 7.0.0 through 7.0.8
FortiClientWindows 6.4 all versions
FortiClientWindows 6.2 all versions
FortiClientWindows 6.0 all versions


Please upgrade to FortiClientWindows version 7.2.1 or above
Please upgrade to FortiClientWindows version 7.0.9 or above
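
The affected ranges and fixed releases above can be checked against an endpoint inventory. The following is an added example, not Fortinet code: the function names, the hostnames and the sample versions are constructed, and it assumes the inventory may report a fourth build component (such as `7.0.8.0427`) that is ignored for comparison.

```python
import re

# Affected ranges transcribed from this advisory:
# (major, minor) -> highest affected patch level, None meaning "all versions".
AFFECTED = {(7, 2): 0, (7, 0): 8, (6, 4): None, (6, 2): None, (6, 0): None}
# Fixed releases named in the advisory, per branch.
FIXED = {(7, 2): "7.2.1", (7, 0): "7.0.9"}


def parse_version(text):
    """Parse '7.0.8' or '7.0.8.0427' (build suffix assumed) into (major, minor, patch)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def triage(version_text):
    """Return (status, upgrade_target) for one installed version."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch not in AFFECTED:
        return ("not-listed", None)  # the advisory makes no statement about this branch
    highest = AFFECTED[branch]
    if highest is not None and patch > highest:
        return ("fixed", None)
    # Branches with no fixed release of their own must move to a fixed branch.
    return ("affected", FIXED.get(branch, "7.0.9 or 7.2.1"))


def triage_inventory(inventory):
    """Map host -> triage result; unparseable entries are flagged, not dropped."""
    results = {}
    for host, version_text in inventory.items():
        try:
            results[host] = triage(version_text)
        except ValueError:
            results[host] = ("unparseable", None)
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {"ws-001": "7.0.8.0427", "ws-002": "7.0.9", "ws-003": "6.4.10",
                    "ws-004": "7.2.0", "ws-005": "unknown"}

if __name__ == "__main__":
    for host, (status, target) in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}" + (f" -> upgrade to {target} or above" if target else ""))
```

Hosts reported as `not-listed` or `unparseable` need a manual look, since the advisory only speaks to the branches listed under Affected Products.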


Fortinet is pleased to thank Ting working with the Zero Day Initiative for reporting this vulnerability under responsible disclosure.


2023-03-21: Initial publication