CVE-2022-40682: Fortiguard
An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.
PSIRT Advisories
FortiClient (Windows) - Arbitrary file creation from unprivileged users due to process impersonation
Summary
An incorrect authorization [CWE-863] vulnerability in FortiClient (Windows) may allow a local low privileged attacker to perform arbitrary file creation in the device filesystem.
Affected Products
FortiClientWindows version 7.0.0 through 7.0.7
FortiClientWindows version 6.4.0 through 6.4.9
FortiClientWindows version 6.2.0 through 6.2.9
FortiClientWindows version 6.0.0 through 6.0.10
Solutions
Please upgrade to FortiClientWindows version 7.2.0 or above
Please upgrade to FortiClientWindows version 7.0.8 or above
Acknowledgement
Fortinet is pleased to thank Daniel Hulliger from Armasuisse CYD Campus for reporting this vulnerability under responsible disclosure.
Timeline
2023-03-28: Initial publication