Local privilege escalation to SYSTEM in FortiClient Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-108 Final 1 1 2018-12-22T00:00:00 Current version 2018-12-22T00:00:00 2018-12-22T00:00:00 A researcher has disclosed several vulnerabilities against FortiClient for Windows, the combination of these vulnerabilities can turn into an exploit chain, which allows a user to gain system privileges on Microsoft Windows. Execute unauthorized code or commands All FortiClient for Windows which has Vulnerability scan features enabled. It is advised that all customers update their Vulnerability Scan engine to v2.00027 or later to protect against this vulnerability. In FortiClient -> About -> Engines -> Vulnerability, ensure version is 2.00027 or greater. The engine update will be pushed automatically to all FortiClients. Upgrade to FortiClient 6.0.5. Fortinet thanks Kevin Joensen from Secu A/S for reporting this vulnerability. CVE-2018-13368 CVE-2018-9191 CVE-2018-9193 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-18-108 Local privilege escalation to SYSTEM in FortiClient Reference>