PSIRT

FortiClient (Windows) - Privilege Escalation via directory traversal attack

Summary

A relative path traversal vulnerability [CWE-23] in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.

Version	Affected	Solution
FortiClientWindows 7.0	7.0.0 through 7.0.2	Upgrade to 7.0.3 or above
FortiClientWindows 6.4	6.4.0 through 6.4.6	Upgrade to 6.4.7 or above
FortiClientWindows 6.2	6.2 all versions	Migrate to a fixed release

Acknowledgement

Fortinet is pleased to thank Daniel Hulliger of Armasuisse - CYD Campus for reporting this vulnerability under responsible disclosure

IR Number	FG-IR-21-190
Date	Jul 5, 2022
Severity	High
CVSSv3 Score	7.8
Impact	Escalation of privilege
CVE ID	CVE-2021-41031
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

FortiClient (Windows) - Privilege Escalation via directory traversal attack

Summary

Acknowledgement

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

About FortiGuard Labs

Partners

PSIRT

FortiClient (Windows) - Privilege Escalation via directory traversal attack

Summary

Acknowledgement

Threat Intelligence
Center