Unquoted Service Path exploit in Fortinet FortiClient

FortiClient for Windows prior to 6.2.3 contains an unquoted service path vulnerability (CVE-2019-17658). This may allow an attacker to gain elevated privileges via the service path of the FortiClientConsole executable.

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Component

FortiClient FortiTray

Affected Products

FortiClient for Windows Versions 6.2.2 and below.

Patched in Version

FortiClient for Windows version 6.2.3 or above.

PoC

Private: The PoC is not published because it’s obvious.
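No exploit is given here. As an added example that is not part of the original advisory, the following Python script implements the defender-side check for this vulnerability class: it flags Windows service ImagePath values that are unquoted and whose executable path contains a space, and produces the quoted form that removes the ambiguity. The service names and the FortiClient install directory in the sample data are constructed assumptions for illustration, not values taken from the advisory.

```python
import re

# Constructed sample ImagePath values in the shape found under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath. The service names
# and the FortiClient install directory are assumptions for illustration.
SAMPLE_SERVICES = {
    "ExampleFortiSvc": r"C:\Program Files\Fortinet\FortiClient\FortiClientConsole.exe -svc",
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "QuotedVendorSvc": r'"C:\Program Files\Example Vendor\svc.exe" --run',
    "EnvSvc": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
}

# Matches the executable portion of an ImagePath: everything up to the first
# ".exe" that is followed by whitespace or the end of the string.
_EXE_RE = re.compile(r"(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path: str):
    """Return (executable, arguments) for an unquoted ImagePath."""
    p = image_path.strip()
    m = _EXE_RE.match(p)
    if m is None:
        # No recognisable .exe: fall back to the first whitespace-delimited token
        head, _, tail = p.partition(" ")
        return head, (" " + tail if tail else "")
    exe = m.group(1)
    return exe, p[len(exe):]


def is_unquoted_with_spaces(image_path: str) -> bool:
    """True when the path is not quoted and the executable path contains a space."""
    p = image_path.strip()
    if not p or p.startswith('"'):
        return False
    exe, _ = split_image_path(p)
    return " " in exe


def quote_image_path(image_path: str) -> str:
    """Return the remediated form: executable path wrapped in double quotes."""
    exe, args = split_image_path(image_path)
    return f'"{exe}"{args}'


def audit(services: dict) -> dict:
    """Map each affected service name to the corrected ImagePath."""
    return {
        name: quote_image_path(path)
        for name, path in services.items()
        if is_unquoted_with_spaces(path)
    }


def load_services_from_registry() -> dict:
    """Read ImagePath for every service on a Windows host (Windows only)."""
    import winreg  # standard library, available on Windows only

    services = {}
    root = r"SYSTEM\CurrentControlSet\Services"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root) as key:
        count = winreg.QueryInfoKey(key)[0]
        for i in range(count):
            name = winreg.EnumKey(key, i)
            try:
                with winreg.OpenKey(key, name) as sub:
                    services[name] = winreg.QueryValueEx(sub, "ImagePath")[0]
            except OSError:
                continue  # no ImagePath value (e.g. drivers, service groups)
    return services


if __name__ == "__main__":
    import sys

    svcs = load_services_from_registry() if sys.platform == "win32" else SAMPLE_SERVICES
    for name, fixed in audit(svcs).items():
        print(f"{name}: unquoted path with spaces -> {fixed}")
```

Run on a Windows host the script reads every service's ImagePath from the registry; elsewhere it falls back to the constructed samples. The corrected value is what the ImagePath should be set to (for example via `sc config <name> binPath= "..."`), and flagged services whose executable path passes through a directory writable by standard users are the ones to treat as urgent.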

  • https://nvd.nist.gov/vuln/detail/CVE-2019-17658
  • https://fortiguard.com/psirt/FG-IR-19-281

Michael Wollner (@Ibonok)