FortiEDRCollector (Windows) - Protection may be disabled by local attacker
Summary
An improper access control vulnerabilty [CWE-284] in FortiEDRCollectorWindows may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service.
Affected Products
FortiEDRCollectorWindows version 5.2.0.4549 and below
FortiEDRCollectorWindows 5.0.3.1007 and below
FortiEDRCollectorWindows 4.0 all versions
Solutions
Please upgrade to FortiEDRCollectorWindows version 5.2.0.4581 or above
Please upgrade to FortiEDRCollectorWindows version 5.0.3.1016 or above