Multiple vulnerabilities in Fortinet FortiClient for Windows
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-40682 CVE-2022-43946 CVE-2022-42470 |
| CWE-ID | CWE-863 CWE-732 CWE-73 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Fortinet FortiClient for Windows Server applications / Other server solutions |
| Vendor | Fortinet, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Incorrect authorization
EUVDB-ID: #VU74985
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-40682
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect authorization. A local user can impersonate FortiClient process and create arbitrary files on the system.
Install updates from vendor's website.
Vulnerable software versionsFortinet FortiClient for Windows: 6.0.0 - 7.0.7
External linkshttp://fortiguard.com/psirt/FG-IR-22-336
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Incorrect permission assignment for critical resource
EUVDB-ID: #VU74983
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43946
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect permission assignment to a windows pipe in FortiClient Logging daemon. A remote attacker on the same file sharing network can write arbitrary data to a windows pipe and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsFortinet FortiClient for Windows: 6.0.0 - 7.0.7
External linkshttp://fortiguard.com/psirt/FG-IR-22-429
http://www.zerodayinitiative.com/advisories/ZDI-23-1104/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) External Control of File Name or Path
EUVDB-ID: #VU74982
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42470
CWE-ID:
CWE-73 - External Control of File Name or Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to create arbitrary files on the system.
The vulnerability exists due to application allows an attacker to control path of the files to create. A local user can create arbitrary files on the system with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsFortinet FortiClient for Windows: 6.0.0 - 7.0.7
External linkshttp://fortiguard.com/psirt/FG-IR-22-320
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
