Null Pointer Dereference in Fortinet FortiClient Windows by Fortinet
CVE-2018-9190

5.5MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Forticlientwindows
Vendor: CVE Published:; 8 February 2019

What is CVE-2018-9190?

A null pointer dereference vulnerability exists in Fortinet's FortiClient for Windows versions 6.0.2 and earlier. This flaw can be exploited by attackers to trigger a denial of service condition through the NDIS miniport driver, leading to potential disruptions in service and loss of availability. Users and organizations utilizing affected versions are advised to implement necessary upgrades and patches to mitigate the risk associated with this vulnerability.

Affected Version(s)

Fortinet FortiClientWindows FortiClientWindows 6.0.2 and earlier

References

https://fortiguard.com/advisory/FG-IR-18-092

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2019
Vulnerability Reserved
Apr 2, 2018