Fortinet FortiClient Windows Vulnerability with Permission Issues and Race Condition
CVE-2022-43946

7.3HIGH

Key Information:

Vendor
Fortinet
Status
Forticlientwindows
Vendor
CVE Published:
11 April 2023

Summary

Fortinet FortiClient Windows versions prior to 7.0.7 contain multiple vulnerabilities that can lead to significant security risks. An improper permission assignment allows attackers on the same file-sharing network to gain unauthorized access to critical resources. Additionally, a time-of-check to time-of-use (TOCTOU) race condition vulnerability enables attackers to manipulate command execution by writing data into a Windows pipe, potentially leading to further exploitation. Mitigating these vulnerabilities is essential for ensuring comprehensive network security.

Affected Version(s)

FortiClientWindows 7.0.0 <= 7.0.7

FortiClientWindows 6.4.0 <= 6.4.10

FortiClientWindows 6.2.0 <= 6.2.9

References

https://fortiguard.com/psirt/FG-IR-22-429

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.