PSIRT Advisories

Unquoted Service Path Exploit observed in FortiSIEMWindowsAgent


An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.

Affected Products

FortiSIEMWindowsAgent version 3.1.2 and below.


Please upgrade to FortiSIEMWindowsAgent version 3.2.0 or above.


Fortinet is pleased to thank Huw Pigott from Shearwater, a CyberCX company, for reporting this vulnerability under responsible disclosure.