FortiClient (Windows) - Web filter bypass

Summary

An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater.

Affected Products

FortiClient Windows version 7.0.0
FortiClient Windows version 6.4.6 and below.
FortiClient Windows version 6.2.8 and below.

Solutions

Please upgrade to FortiClient Windows version 6.4.7 or above.


Please upgarde to FortiClient Windows version 7.0.1 or above.