CVE-2022-26113: Fortiguard
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.
PSIRT Advisories
FortiClient (Windows) - Arbitrary file write as SYSTEM
Summary
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows may allow a local attacker to perform an arbitrary file write on the system.
Affected Products
FortiClientWindows version 6.0.0 through 6.0.10
FortiClientWindows version 6.2.0 through 6.2.9
FortiClientWindows version 6.4.0 through 6.4.7
FortiClientWindows version 7.0.0 through 7.0.3
Solutions
Please upgrade to FortiClientWindows 7.0.4 or above.
Please upgrade to FortiClientWindows 6.4.8 or above.
Acknowledgement
Fortinet is pleased to thank David Yesland from Rhino Security Labs for bringing this issue to our attention under responsible disclosure.