Multiple vulnerabilities in FortiClientWindows, including an incorrect permission assignment for critical resource [CWE-732] and a time-of-check time-of-use (TOCTOU) race condition [CWE-367], may allow an attacker on the same file sharing network to execute commands by writing data into a Windows pipe.
FortiClientWindows version 7.2.0
FortiClientWindows version 7.0.0 through 7.0.8
FortiClientWindows 6.4 all versions
FortiClientWindows 6.2 all versions
FortiClientWindows 6.0 all versions
Please upgrade to FortiClientWindows version 7.2.1 or above
Please upgrade to FortiClientWindows version 7.0.9 or above
Acknowledgement
Fortinet is pleased to thank Ting, working with the Zero Day Initiative, for reporting this vulnerability under responsible disclosure.
2023-03-21: Initial publication