Local Privilege Escalation in Fortinet FortiClient for Windows
CVE-2018-9191

7.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Forticlient For Windows
Vendor: CVE Published:; 30 May 2019

Summary

A local privilege escalation vulnerability in Fortinet's FortiClient for Windows versions 6.0.4 and earlier can be leveraged by attackers to execute unauthorized commands or code. This occurs through a named pipe associated with the FortiClient update process, allowing exploitation if an attacker gains access to the affected system.

Affected Version(s)

Fortinet FortiClient for Windows 6.0.4 and earlier

References

https://fortiguard.com/advisory/FG-IR-18-108

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2019
Vulnerability Reserved
Apr 2, 2018