Improper Authorization Vulnerability in FortiClient for Windows by Fortinet
CVE-2021-36183

7.4HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Forticlientwindows
Vendor: CVE Published:; 2 November 2021

Summary

An improper authorization vulnerability exists in FortiClient for Windows that may enable a local, unprivileged attacker to escalate their privileges to SYSTEM. This vulnerability arises from insufficient access controls on the named pipe responsible for FortiClient updates, potentially allowing exploits that compromise system integrity.

Affected Version(s)

Fortinet FortiClientWindows FortiClientWindows 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0

References

https://fortiguard.com/advisory/FG-IR-20-079

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2021
Vulnerability Reserved
Jul 6, 2021