CVE-2023-41840: Fortiguard
An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.
**PSIRT Advisories**
FortiClient (Windows) - DLL Hijacking via openssl.cnf
Summary
An untrusted search path vulnerability [CWE-426] in FortiClient Windows OpenSSL component may allow an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.
| Version | Affected | Solution |
|---|---|---|
| FortiClientWindows 7.2 | 7.2.0 through 7.2.1 | Upgrade to 7.2.2 or above |
| FortiClientWindows 7.0 | 7.0.9 | Upgrade to 7.0.10 or above |
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool
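For triage alongside the upgrade, the following added example (not Fortinet's code and not part of the advisory) audits an `openssl.cnf` for engine entries that are not pinned to an absolute library path, which is the condition the summary describes. The advisory does not publish the file location or engine name, so the sample config and its section and engine names are constructed; `openssl_conf`, `engines` and `dynamic_path` are standard OpenSSL configuration directives.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample; section and engine names are hypothetical, not from the advisory.
SAMPLE_CNF = r"""
openssl_conf = openssl_init
[openssl_init]
engines = engine_section
[engine_section]
alpha = alpha_section
beta = beta_section
gamma = gamma_section
[alpha_section]
dynamic_path = C:\Program Files\Vendor\engines\alpha.dll
[beta_section]
dynamic_path = beta.dll
[gamma_section]
engine_id = gamma
"""

def parse_cnf(text):
    """Parse OpenSSL config text into {section: {key: value}}."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def audit_engines(text):
    """Return (engine, finding) pairs for engines not pinned to an absolute path."""
    cnf = parse_cnf(text)
    init = cnf.get(cnf["default"].get("openssl_conf", ""), {})
    findings = []
    for name, section in cnf.get(init.get("engines", ""), {}).items():
        path = cnf.get(section, {}).get("dynamic_path")
        if path is None:
            findings.append((name, "no dynamic_path"))  # library located by engine id
        elif not PureWindowsPath(path).is_absolute():
            findings.append((name, "relative dynamic_path"))  # left to loader search order
    return findings

if __name__ == "__main__":
    print(audit_engines(SAMPLE_CNF))
```

An engine that passes this check still depends on the ACLs of the directory its absolute path points to, so verify that location is writable only by administrators.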
Acknowledgement
Fortinet is pleased to thank Alexander Staalgaard from Banshie for reporting this vulnerability under responsible disclosure.
Timeline
2023-11-06: Initial publication