PT-2019-17767 · Fortinet · Forticlient Online Installer
Published 2019-05-28 · Updated 2019-05-29 · CVE-2019-5589
CVSS v2.0: 9.3 High · Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FortiClient Online Installer versions prior to 6.0.6
Description
The issue allows an unauthenticated, remote attacker with control over the directory where FortiClientOnlineInstaller.exe is located to execute arbitrary code on the system. This is achieved by uploading malicious .dll files to that directory.
Recommendations
For versions prior to 6.0.6, update to version 6.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory where FortiClientOnlineInstaller.exe resides to prevent malicious .dll files from being uploaded.
Fix
Untrusted Search Path
Weakness Enumeration
Related Identifiers
Affected Products
Forticlient Online Installer