Information disclosure of folders to exclude from scanning
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows, Linux and Mac, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
Version | Affected | Solution |
---|---|---|
FortiClientLinux 7.2 | 7.2.0 | Upgrade to 7.2.1 or above |
FortiClientLinux 7.0 | 7.0 all versions | Migrate to a fixed release |
FortiClientLinux 6.4 | 6.4 all versions | Migrate to a fixed release |
FortiClientLinux 6.2 | 6.2 all versions | Migrate to a fixed release |
FortiClientMac 7.2 | 7.2.0 through 7.2.1 | Upgrade to 7.2.2 or above |
FortiClientMac 7.0 | 7.0 all versions | Migrate to a fixed release |
FortiClientMac 6.4 | 6.4 all versions | Migrate to a fixed release |
FortiClientMac 6.2 | 6.2 all versions | Migrate to a fixed release |
FortiClientWindows 7.2 | 7.2.0 | Upgrade to 7.2.1 or above |
FortiClientWindows 7.0 | 7.0 all versions | Migrate to a fixed release |
FortiClientWindows 6.4 | 6.4 all versions | Migrate to a fixed release |
FortiClientWindows 6.2 | 6.2 all versions | Migrate to a fixed release |
Acknowledgement
Fortinet is pleased to thank Alwin Warringa from Ordina for reporting this vulnerability under responsible disclosure.Timeline
2023-10-05: Initial publication