| IR Number | FG-IR-19-148 |
| Date | Oct 18, 2019 |
| Severity |
Medium |
| CVSSv3 Score | 6.2 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2019-6692 |
| Affected Products |
FortiClientWindows
:
6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiClient Windows Service or Process Tampering
Summary
FortiClient for Windows could be subject to the following shut down or tampering attempts:
a) User Interface or Command Line shut down
By default a privileged user can close the FortiClient for Windows programÂ
Â
b) Service or Process shut down
Malicious privileged programs can stop the FortiClient for Windows process via the taskkill command
Â
c) UninstallÂ
By default a privileged user can unintall the FortiClient for Windows programÂ
Â
d) Code Injection
A component of FortiClient for Windows will search a specific un-existing Windows Dynamic Link library when starting related to the programming framework used in FortiClient. A malicious and privileged program can forge that DLL, leading to arbitrary code execution.
Affected Products
a) User Interface or Command Line shut down
FortiClient for Windows all versions under default configurations.
Â
b) Service or Process shut down
FortiClient for Windows 6.2.1 and below versions.
Â
c) UninstallÂ
FortiClient for Windows all versions under default configurations.
Â
d) Code InjectionÂ
FortiClient for Windows 6.2.0 and below versions.
All of the above require the malicious program or attacker to have the same or higher level of privilege as FortiClient.
Solutions
a) User Interface or Command Line Tampering
FortiClient for Windows supports disabling program-closing under both managed mode and standalone mode:
o Managed mode: Enable the "Disable Unregister" setting in FortiClient EMS
o Standalone mode: Enablethe "Lock Settings" setting in FortiClient console
Â
b) Service or Process shut down
Upgrade to FortiClient for Windows 6.2.2
Â
c) UninstallÂ
FortiClient for Windows supports disabling program uninstall under both managed mode and standalone mode:
o Managed mode: Enable the "Disable Unregister" setting in FortiClient EMS
o Standalone mode: Enable the "Lock Settings" setting in FortiClient console
Â
d) Code InjectionÂ
Upgrade to FortiClient for Windows 6.2.1
Revision History:
2019-07-25 Initial release
2019-10-17 FortiClient for Windows 6.2.2 released to address issue b)
Acknowledgement
Fortinet is pleased to thank Edsel Valle - security researcher from NSS Labs for reporting this vulnerability under responsible disclosure.