An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Forticlient
APPFortinet6.0.0 – 6.0.96.2.0 – 6.2.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Powiązane podatności
CVE-2023-45590CRITICAL9.6PL ✓ten sam produkt
Code injection w Fortinet FortiClientLinux umożliwiający RCE
CVE-2026-24018HIGH7.8ten sam produkt
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, Forti...
CVE-2025-62676HIGH7.1ten sam produkt
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fort...
CVE-2025-47761HIGH7.8ten sam produkt
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClien...
CVE-2025-46373HIGH7.8ten sam produkt
A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 throug...