FortiClient for Windows 6.2.1 Exposure of Resource to Wrong Sphere Vulnerability

Summary

FortiClient for Windows 6.2.1 and below contains an Insecure Temporary File vulnerability.

Credit:

The information has been provided by Lasse Trolle Borup.

The original article can be found at: https://fortiguard.com/psirt/FG-IR-20-040


Details

The vulnerability allows a local user to gain elevated privileges by exhausting the pool of temporary file names in combination with a symbolic link attack.

Vulnerable Systems:

FortiClient for Windows 6.2.1

CVE Information:

CVE-2020-9291

Disclosure Timeline:

Published Date: 6/1/2020
