PT-2023-9673 · Fortinet · Forticlient

Published 2023-04-11 · Updated 2024-04-11 · CVE-2022-43946

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientWindows versions prior to 7.0.7

Description: The issue is related to an incorrect permission assignment for a critical resource and a time-of-check time-of-use (TOCTOU) race condition vulnerability. This could allow a remote attacker to execute arbitrary commands by writing data into a Windows pipe. The vulnerability can be exploited by attackers on the same file sharing network.

Recommendations: For versions prior to 7.0.7, update to version 7.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the Windows pipe to minimize the risk of exploitation. Avoid using the vulnerable function until a patch is available.

Fix

Incorrect Permission

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

BDU:2024-09636
CVE-2022-43946
ZDI-23-1104

Affected Products

Forticlient