PT-2023-7194 · Fortinet · Forticlient
Published 2023-11-14 · Updated 2023-11-21 · CVE-2023-41840
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiClientWindows version 7.0.9
Description
CVE-2023-41840 is an untrusted search path weakness in FortiClientWindows that enables a DLL hijack. The client loads an OpenSSL engine library without a fully qualified path, so Windows resolves the file name through its DLL search order. An attacker who can place a malicious library with the expected name in a directory that is searched before the legitimate location (or anywhere on the search path when no legitimate copy exists) gets that library loaded into the process that performs the load, which yields arbitrary code execution in that process's context. The legitimate DLL does not have to be overwritten; the search order alone lets the planted copy win. The CVSS vector matches this scenario: local access and no privileges are needed to plant the file, and user interaction is required because the load must be triggered, for example by the client being started.
Recommendations
For Fortinet FortiClientWindows version 7.0.9, upgrade to a release that Fortinet lists as fixed for CVE-2023-41840. Until the update is applied, reduce the chance that a planted library wins the search: make sure no directory that Windows consults before the legitimate engine library (the FortiClient installation directory, the current directory of the user launching the client, and every PATH entry) is writable by unprivileged users, and check that a lookup for the engine library name cannot fall through to a user-writable location because no legitimate copy exists earlier in the order. Monitor those directories for newly created DLLs named like OpenSSL engine modules, since a planted file of the right name is the whole attack.
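The audit that the recommendation above describes, as an added example that is not FortiClient code and not a Fortinet tool: it models the default Windows DLL search order and, for a DLL an application asks for by bare file name, lists every directory that is searched before the legitimate copy and that an unprivileged user can write to, including the case where no legitimate copy exists anywhere (a phantom DLL, where every writable directory on the path is a candidate). The paths, DLL names and writable set are constructed for the example; the two predicates `exists` and `writable` are stand-ins for `os.path.isfile` and an ACL check when the script is pointed at a real machine.

```python
"""Which directories could supply a planted DLL for an unqualified load?

Added illustration, not FortiClient code and not a Fortinet tool. It models the
default Windows DLL search order (SafeDllSearchMode on) and, for a DLL that an
application loads by bare file name, reports every directory that (a) is
searched before the legitimate copy is found and (b) an unprivileged user can
write to. All paths, DLL names and the writable set below are constructed for
the example; swap the two predicates for os.path.isfile / an ACL check to run
it against a real system.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Finding:
    dll: str
    hijack_dir: str           # user-writable directory searched before the real DLL
    legit_dir: Optional[str]  # None means no copy exists anywhere (phantom DLL)


def default_search_order(app_dir: str, system32: str, windows_dir: str,
                         cwd: str, path_entries: List[str]) -> List[str]:
    """Order Windows consults for LoadLibrary("name.dll") with SafeDllSearchMode."""
    return [app_dir, system32, windows_dir + r"\System", windows_dir, cwd, *path_entries]


def hardened_search_order(app_dir: str, system32: str) -> List[str]:
    """Order after SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_DEFAULT_DIRS) with
    no AddDllDirectory calls: application directory and System32 only, so the
    current directory and PATH never take part."""
    return [app_dir, system32]


def hijack_candidates(dll: str, order: List[str],
                      exists: Callable[[str, str], bool],
                      writable: Callable[[str], bool]) -> List[Finding]:
    """Directories where a planted `dll` would be loaded instead of the real one.

    Windows stops at the first directory that contains the file, so only the
    directories before that one matter; if no directory has it, every writable
    directory in the order is a candidate (phantom-DLL case).
    """
    legit = next((d for d in order if exists(d, dll)), None)
    searched_first = order if legit is None else order[: order.index(legit)]
    findings, seen = [], set()
    for d in searched_first:
        key = d.lower()  # Windows paths are case-insensitive; PATH often repeats entries
        if key in seen:
            continue
        seen.add(key)
        if writable(d):
            findings.append(Finding(dll, d, legit))
    return findings


# ---- constructed example environment (assumed layout, not from the advisory) ----
APP_DIR = r"C:\Program Files\ExampleVPN"
SYSTEM32 = r"C:\Windows\System32"
WINDIR = r"C:\Windows"
USER_CWD = r"C:\Users\alice\Downloads"
PATH_ENTRIES = [SYSTEM32, r"C:\Tools", r"C:\Users\alice\AppData\Local\bin"]

FILES = {
    (APP_DIR, "libcrypto-3-x64.dll"),  # shipped with the app, found at step 1
    (SYSTEM32, "bcrypt.dll"),          # OS library, found at step 2
    (r"C:\Tools", "helper.dll"),       # only copy lives late in PATH
}
USER_WRITABLE = {USER_CWD, r"C:\Tools", r"C:\Users\alice\AppData\Local\bin"}


def exists(directory: str, dll: str) -> bool:
    return (directory, dll) in FILES


def writable(directory: str) -> bool:
    return directory in USER_WRITABLE


DEFAULT_ORDER = default_search_order(APP_DIR, SYSTEM32, WINDIR, USER_CWD, PATH_ENTRIES)
HARDENED_ORDER = hardened_search_order(APP_DIR, SYSTEM32)

if __name__ == "__main__":
    # "engine.dll" stands in for an OpenSSL engine module the app asks for by bare
    # name but does not ship: nothing stops the search, so every writable
    # directory on the path can supply it.
    for name in ("libcrypto-3-x64.dll", "bcrypt.dll", "helper.dll", "engine.dll"):
        for f in hijack_candidates(name, DEFAULT_ORDER, exists, writable):
            print(f"{f.dll}: plant in {f.hijack_dir} (legitimate copy: {f.legit_dir})")
    print("hardened:", hijack_candidates("engine.dll", HARDENED_ORDER, exists, writable))
```

The contrast between `DEFAULT_ORDER` and `HARDENED_ORDER` is the point: a library present in the application directory or System32 is safe under either order, but a name that is not shipped at all is resolvable from the user's current directory and from every writable PATH entry unless the loader is restricted to the application and system directories (or given a full path).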
Fix
Vendor update: upgrade FortiClientWindows to a release that Fortinet lists as fixed for CVE-2023-41840.
Weakness Enumeration
CWE-426: Untrusted Search Path
Related Identifiers
Affected Products
Forticlient