CVE-2020-9290

Name of the Vulnerable Software and Affected Versions FortiClient for Windows versions 6.2.3 and below

Description The issue is related to an Unsafe Search Path vulnerability, which may allow a local attacker to execute arbitrary code on the system. This can be achieved by uploading malicious Filter Library DLL files to the directory where FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside. The vulnerability is associated with errors in the path search mechanism.

Recommendations For versions 6.2.3 and below, consider restricting access to the directory where FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe are located to prevent malicious DLL files from being uploaded. As a temporary workaround, avoid using the FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.