Remote Code Execution due to dangerous ELECTRONJS configuration


An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code by tricking a FortiClientLinux user into visiting a malicious website.

Version                 Affected                 Solution
FortiClientLinux 7.2    7.2.0                    Upgrade to 7.2.1 or above
FortiClientLinux 7.0    7.0.6 through 7.0.10     Upgrade to 7.0.11 or above
FortiClientLinux 7.0    7.0.3 through 7.0.4      Upgrade to 7.0.11 or above


Fortinet is pleased to thank security researcher CataLpa from Dbappsecurity Co. Ltd. for discovering and reporting this vulnerability under responsible disclosure.


2024-04-09: Initial publication