PT-2021-7518 · Fortinet · FortiClient

Published: 2021-11-23 · Updated: 2022-04-14 · CVE-2021-44169

CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- Fortinet FortiClient (Windows) versions 6.0.10 and below
- Fortinet FortiClient (Windows) versions 6.2.9 and below
- Fortinet FortiClient (Windows) versions 6.4.7 and below
- Fortinet FortiClient (Windows) versions 7.0.3 and below
Description

Fortinet FortiClient for Windows contains an improper initialization flaw that a local, low-privileged attacker can exploit to gain administrative privileges. The attack consists of placing a malicious executable inside the FortiClient installer's directory, from where it is picked up and run with elevated rights.
Recommendations

- For versions 6.0.10 and below, update to a version above 6.0.10.
- For versions 6.2.9 and below, update to a version above 6.2.9.
- For versions 6.4.7 and below, update to a version above 6.4.7.
- For versions 7.0.3 and below, update to a version above 7.0.3.

As a temporary workaround, restrict access to the FortiClient installer's directory so that low-privileged users cannot write to it; this removes the precondition for planting an executable there.
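The workaround above only helps if the directory really is not writable by ordinary users, which is easy to get wrong when permissions are inherited from a parent folder. The PowerShell script below is an added example, not part of the advisory and not Fortinet's code: it audits a directory's ACL for write-capable rights granted to broad principals (the groups every local user belongs to) and, if any are found, replaces the ACL with a restrictive one. The directory path is a placeholder, since the advisory does not name the installer directory, and the replacement ACL (SYSTEM and Administrators full control, Users read and execute) is an assumed policy to adapt to local requirements.

```powershell
# Added example (not from the advisory or Fortinet). Audit and harden a directory
# against file planting by low-privileged local users.
# PLACEHOLDER: replace with the actual FortiClient installer directory on the host.
$InstallerDir = 'C:\PLACEHOLDER\FortiClientInstaller'

# Principals that an ordinary local user is a member of by default. An Allow ACE
# with write rights for any of these lets a low-privileged user drop a file.
$BroadPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'Everyone',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that permit creating, replacing or deleting files in the directory.
# Modify and FullControl are supersets of these bits, so a bitwise test covers them.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Get-RiskyAce {
    # Return every Allow ACE that grants a write-capable right to a broad principal.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band [int]$WriteMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited ACEs point at the parent folder
            }
        }
    }
}

function Protect-Directory {
    # Replace the directory's ACL with a restrictive one (assumed policy):
    # SYSTEM and Administrators get full control, Users may only read and execute.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent and drop the inherited ACEs rather than copying them.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove the remaining explicit ACEs so only the rules below apply.
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $rules = @(
        New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\SYSTEM',   'FullControl',    $inherit, $prop, 'Allow'),
        New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Administrators', 'FullControl',    $inherit, $prop, 'Allow'),
        New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Users',          'ReadAndExecute', $inherit, $prop, 'Allow')
    )
    foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
    Set-Acl -Path $Path -AclObject $acl
}

# Usage: report first, then harden only if something risky was found.
$risky = @(Get-RiskyAce -Path $InstallerDir)
if ($risky.Count -eq 0) {
    Write-Output "No write-capable ACEs for broad principals on $InstallerDir"
} else {
    $risky | Format-Table -AutoSize
    Protect-Directory -Path $InstallerDir
    Write-Output "ACL on $InstallerDir replaced; re-run Get-RiskyAce to confirm"
}
```

Run the script from an elevated PowerShell session, since Set-Acl on a directory owned by the installer requires administrative rights. Note that the check only inspects the directory's own DACL: if a parent directory is writable, an attacker can sometimes rename or recreate the whole subtree, so the audit should be repeated on each ancestor up to the drive root. After the vendor update is applied, the hardened ACL can stay in place; it does not interfere with an installer that runs as an administrator.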

Fix

Weakness Enumeration

Improper Initialization

Related Identifiers

BDU:2022-07199
CVE-2021-44169

Affected Products

FortiClient