Privilege escalation in online installer due to incorrect working director Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-238 Final 1 1 2022-04-05T00:00:00 Current version 2022-04-05T00:00:00 2022-04-05T00:00:00 An improper initialization [CWE-665] vulnerability in FortiClient (Windows) may allow a local attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory. None Escalation of privilege FortiClient (Windows) version 6.4.7 and belowFortiClient (Windows) version 7.0.2 and belowFortiClient (Windows) 6.0 all versionsFortiClient (Windows) 6.2 all versions Upgrade to FortiClient (Windows) 7.0.3 or aboveUpgrade to FortiClient (Windows) 6.4.8 or above Fortinet is pleased to thank JaeHeng Yoon of JENBlack Soft for reporting this vulnerability under responsible disclosure. CVE-2021-44169 8.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:F/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-238 Privilege escalation in online installer due to incorrect working director Reference>