Malicious DLL Preload Vulnerability in Fortinet FortiClient for Windows
CVE-2019-6692

7.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Forticlient For Windows
Vendor: CVE Published:; 24 October 2019

Summary

A malicious DLL preload vulnerability exists in Fortinet FortiClient for Windows that allows attackers to execute arbitrary code by forging a malicious DLL. This flaw impacts FortiClient versions 6.2.0 and earlier, posing significant security risks to systems running vulnerable versions.

Affected Version(s)

Fortinet FortiClient for Windows FortiClient for Windows 6.2.0 and below

References

https://fortiguard.com/psirt/FG-IR-19-148

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 24, 2019
Vulnerability Reserved
Jan 23, 2019