PT-2023-3352 · Fortinet · Forticonverter+1

Published 2023-05-23 · Updated 2023-06-17 · CVE-2022-33877

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiClient versions 7.0.0 through 7.0.6
FortiClient versions 6.4.0 through 6.4.8
FortiClient version 6.0.0
FortiConverter versions 6.2.0 through 6.2.1
FortiConverter version 7.0.0
FortiConverter version 6.0.0

Description

The issue is related to incorrect default permissions, which may allow a local authenticated attacker to tamper with files in the installation folder if the software is installed in an insecure folder. This could potentially enable an attacker to replace files in the software's installation directory.

Recommendations

For each of the following versions, consider reinstalling the software in a secure folder to mitigate the risk:

FortiClient versions 7.0.0 through 7.0.6
FortiClient versions 6.4.0 through 6.4.8
FortiClient version 6.0.0
FortiConverter versions 6.2.0 through 6.2.1
FortiConverter version 7.0.0
FortiConverter version 6.0.0

As a temporary workaround, consider restricting access to the installation folder until a secure installation can be performed.
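
One way to check whether an installation folder is "secure" in the sense used above, as an added example that is not part of the original advisory or Fortinet's tooling: it lists every allow ACE that grants write-type rights to a principal other than SYSTEM, Administrators or TrustedInstaller. It assumes a Windows host; the function name and the trusted-principal list are choices made for this example, and the installation path must be supplied by the operator.

```powershell
# Added example. Assumes Windows; the install path is supplied by the caller.
function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$InstallDir)

    # Well-known SIDs expected to hold write access (assumed trusted set):
    # SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # Rights that let a principal replace, delete or re-permission a file.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # The folder itself plus everything beneath it.
    $items = @(Get-Item -LiteralPath $InstallDir -Force) +
             @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Explicit and inherited rules, identities returned as SIDs
        # so the comparison does not depend on the OS display language.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs do not apply to this object; children are checked on their own.
            if ($ace.PropagationFlags -band $inheritOnly) { continue }
            if (-not ($ace.FileSystemRights -band $writeMask)) { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }

            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage (placeholder path, replace with the real installation directory):
# Get-UntrustedWriteAce -InstallDir 'C:\<install-folder>' | Format-Table -AutoSize
```

An empty result means no principal outside the trusted set holds write-type access anywhere under the folder; rows marked `Inherited = True` point to a permissive parent directory rather than an ACE set on the item itself.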

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

BDU:2023-03508
CVE-2022-33877

Affected Products

Forticlient
Forticonverter