Unquoted Service Path exploit in Fortinet FortiClient
FortiClient for Windows prior to 6.2.3 is affected by an unquoted service path vulnerability (CVE-2019-17658), which may allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
Base Score: 9.8
Affected Versions
FortiClient for Windows versions 6.2.2 and below.
Patched in Version
FortiClient for Windows version 6.2.3 or above.
Private: The PoC is not published because it’s obvious.
Michael Wollner (@Ibonok)
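
A defender-side audit for the bug class described in this advisory, added here as an example (it is not code from the advisory author or from Fortinet): it flags Windows services whose image path contains spaces but is not wrapped in quotes. The function name `Test-UnquotedServicePath` and the sample paths are constructed for illustration; the advisory does not state the affected FortiClient path.

```powershell
# Added example: returns $true when a service image path is unquoted AND the
# path to the executable itself contains a space. Spaces that appear only in
# the arguments after the executable are not a finding.
function Test-UnquotedServicePath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$PathName
    )
    process {
        $p = $PathName.Trim()
        # A path that starts with a quote is unambiguous.
        if ($p -eq '' -or $p.StartsWith('"')) { return $false }
        # Treat everything up to the first ".exe" as the image path;
        # whatever follows is the argument list.
        $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
        if (-not $m.Success) { return $false }   # e.g. driver paths without .exe
        return $m.Groups[1].Value.Contains(' ')
    }
}

# Constructed sample values (not taken from the advisory) covering the edge cases.
$samples = @(
    'C:\Program Files\Example Vendor\Example Agent\agent.exe',             # flagged
    '"C:\Program Files\Example Vendor\Example Agent\agent.exe" --service', # quoted
    'C:\Windows\System32\svchost.exe -k netsvcs -p'                        # spaces only in arguments
)
$samples | ForEach-Object { '{0,-5} {1}' -f (Test-UnquotedServicePath $_), $_ }

# Live audit: list every installed service with an unquoted path containing spaces.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    Select-Object Name, StartName, StartMode, PathName
```

For a FortiClient service that shows up in the output, the fix stated in this advisory is to upgrade to version 6.2.3 or above.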