Denial of service due to folder access permission change


An improper control of a resource through its lifetime [CWE-664] vulnerability in FortiClient (Windows) may allow a privileged attacker to make the whole application unresponsive by changing the access permissions of its root directory.

Affected Products

FortiClient (Windows) version 6.0.10 and below
FortiClient (Windows) version 6.2.9 and below
FortiClient (Windows) version 6.4.1 and 6.4.0


Upgrade to FortiClient (Windows) version 6.4.2 or above.

Upgrade to FortiClient (Windows) version 7.0.0 or above.


Fortinet is pleased to thank Mike de Almeida for reporting this vulnerability under responsible disclosure.