Description
Multiple vulnerabilities, including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability, in Fortinet FortiClientWindows before 7.0.7 allow attackers on the same file sharing network to execute commands by writing data into a Windows pipe.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- E: F
- RL: Unchanged
- RC: Changed
Affected products
- fortinet / forticlientwindows 7.0.0 – 7.0.7
- fortinet / forticlientwindows 6.4.0 – 6.4.10
- fortinet / forticlientwindows 6.2.0 – 6.2.9
- fortinet / forticlientwindows 6.0.0 – 6.0.10
References
- VENDOR_ADVISORY: https://fortiguard.com/psirt/FG-IR-22-429