CVE-2022-33877: Fortiguard

An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.

**PSIRT Advisories**

FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder

Summary

An incorrect default permissions [CWE-276] vulnerability in FortiClient (Windows) and FortiConverter (Windows) may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.

Affected Products

FortiClientWindows version 7.0.0 through 7.0.6
FortiClientWindows version 6.4.0 through 6.4.8
FortiConverter version 7.0.0
FortiConverter 6.2 all versions
FortiConverter 6.0 all versions

Solutions

Please upgrade to FortiClientWindows version 7.0.7 or above
Please upgrade to FortiClientWindows version 6.4.9 or above

Please upgrade to FortiConverter version 7.0.1 or above
Please upgrade to FortiConverter version 6.2.2 or above
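
To check whether an existing installation sits in an insecure folder, the following PowerShell script lists allow ACEs on a folder that give principals other than SYSTEM, Administrators, TrustedInstaller and CREATOR OWNER the ability to modify its contents. It is an added example, not code from Fortinet or the advisory. The `-InstallPath` parameter, the trusted-principal list and the choice of rights treated as tamper-capable are assumptions of this example.

```powershell
# Added example, not vendor code. -InstallPath is supplied by the operator:
# the folder the product was installed into (no path is given in the advisory).
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallPath
)

# Well-known SIDs that are expected to hold write access (assumption of this example).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (applies only to objects the principal created)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing, adding or deleting files, or rewriting the ACL.
$tamperMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry generic rights instead: GENERIC_WRITE, GENERIC_ALL.
$genericMask = 0x40000000 -bor 0x10000000

# Read the folder's own DACL (explicit and inherited entries), keyed by SID so the
# comparison does not depend on localized account names.
$acl   = Get-Acl -LiteralPath $InstallPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($trustedSids -contains $ace.IdentityReference.Value) { continue }

    $rights = [int]$ace.FileSystemRights
    if (($rights -band $tamperMask) -or ($rights -band $genericMask)) {
        [pscustomobject]@{
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "Non-trusted principals can modify files under $InstallPath"
} else {
    Write-Output "No tamper-capable ACEs for non-trusted principals on $InstallPath"
}
```

The script inspects only the ACL of the folder itself; files or subfolders with their own explicit ACEs need the same check applied to them.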

Acknowledgement

Fortinet is pleased to thank Konrad Haase from Control Gap for reporting this vulnerability under responsible disclosure.

Timeline

2023-05-23: Initial publication
