Insecure Installation Folder

Insecure Installation Folder Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-229 Final 1 1 2023-06-12T00:00:00 Current version 2023-06-12T00:00:00 2023-06-12T00:00:00 An incorrect default permissions [CWE-276] vulnerability in FortiClient (Windows) and FortiConverter (Windows) may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConvreter is installed in an insecure folder. None Improper access control FortiConverter version 7.0.0FortiConverter version 6.2.0 through 6.2.1FortiConverter 6.0 all versionsFortiConverter 5.6 all versions are not affectedFortiClientWindows 7.2 all versions are not affectedFortiClientWindows version 7.0.0 through 7.0.6FortiClientWindows version 6.4.0 through 6.4.8FortiClientWindows 6.2 all versions are not affected Please upgrade to FortiClientWindows version 7.0.7 or abovePlease upgrade to FortiClientWindows version 6.4.9 or abovePlease upgrade to FortiConverter version 7.0.1 or abovePlease upgrade to FortiConverter version 6.2.2 or above Fortinet is pleased to thank Konrad Haase from Control Gap for reporting this vulnerability under responsible disclosure. FortiClientWindows 7.0.6 FortiClientWindows 7.0.5 FortiClientWindows 7.0.4 FortiClientWindows 7.0.3 FortiClientWindows 7.0.2 FortiClientWindows 7.0.1 FortiClientWindows 7.0.0 FortiClientWindows 6.4.8 FortiClientWindows 6.4.7 FortiClientWindows 6.4.6 FortiClientWindows 6.4.5 FortiClientWindows 6.4.4 FortiClientWindows 6.4.3 FortiClientWindows 6.4.2 FortiClientWindows 6.4.1 FortiClientWindows 6.4.0 FortiConverter 7.0.0 FortiConverter 6.2.1 FortiConverter 6.2.0 FortiConverter 6.0.3 FortiConverter 6.0.2 FortiConverter 6.0.1 FortiConverter 6.0.0 Insecure Installation Folder CVE-2022-33877 FortiClientWindows-7.0.6 FortiClientWindows-7.0.5 FortiClientWindows-7.0.4 FortiClientWindows-7.0.3 FortiClientWindows-7.0.2 FortiClientWindows-7.0.1 FortiClientWindows-7.0.0 FortiClientWindows-6.4.8 FortiClientWindows-6.4.7 FortiClientWindows-6.4.6 FortiClientWindows-6.4.5 FortiClientWindows-6.4.4 FortiClientWindows-6.4.3 FortiClientWindows-6.4.2 FortiClientWindows-6.4.1 FortiClientWindows-6.4.0 FortiConverter-7.0.0 FortiConverter-6.2.1 FortiConverter-6.2.0 FortiConverter-6.0.3 FortiConverter-6.0.2 FortiConverter-6.0.1 FortiConverter-6.0.0 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-22-229 Insecure Installation Folder Reference>