FortiClient (Windows) - Privilege Escalation via directory traversal attack


A relative path traversal vulnerability [CWE-23] in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for the FortiESNAC service.

Version                  Affected               Solution
FortiClientWindows 7.0   7.0.0 through 7.0.2    Upgrade to 7.0.3 or above
FortiClientWindows 6.4   6.4.0 through 6.4.6    Upgrade to 6.4.7 or above
FortiClientWindows 6.2   6.2 all versions       Migrate to a fixed release


Fortinet is pleased to thank Daniel Hulliger of Armasuisse - CYD Campus for reporting this vulnerability under responsible disclosure.