{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2020-028.pdf"
    },
    "title": "FortiClient for Windows Privilege Escalation Vulnerability",
    "serial_number": "2020-028",
    "publish_date": "26-05-2020 15:18:00",
    "description": "Fortinet FortiClient for Windows is subject to a local privilege-escalation vulnerability. The vulnerability has received CVE number CVE-2020-9291.",
    "url_title": "2020-028",
    "content_markdown": "---\ntitle: 'FortiClient for Windows Privilege Escalation Vulnerability'\nversion: '1.0'\nnumber: '2020-028'\ndate: 'May 26, 2020'\n---\n\n_History:_\n\n* _26/05/2020 --- v1.0 -- Initial publication_\n\n# Summary\n\nFortinet FortiClient for Windows is subject to a local privilege-escalation vulnerability [1]. The vulnerability has received CVE number CVE-2020-9291 [1, 3].\n\n\n# Technical Details\n\nThe vulnerability, discovered by Lasse Trolle Borup of Danish Cyber Defence, allows a local user to gain elevated privileges by exhausting the pool of temporary file names combined with a symbolic link attack [2]. This vulnerability can be exploited locally. The attacker must have valid authentication credentials and successfully authenticate on the system.\nAt the time of publication, no exploit is publicly available.\n\n# Affected Products\n\nThis vulnerability affects Fortinet FortiClient for Windows version 6.2.1 and earlier.\n\n\n# Recommendations\n\nUpgrade to FortiClient for Windows version 6.2.2 or later.\n\nIf upgrading is not possible, the vulnerability can be mitigated by restricting access to affected computers to trusted individuals only.\n\n# References\n\n[1] <https://fortiguard.com/psirt/FG-IR-20-040>\n\n[2] <https://www.cybersecurity-help.cz/vdb/SB2020052615>\n\n[3] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9291>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>26/05/2020 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>Fortinet FortiClient for Windows is subject to a local privilege-escalation vulnerability [1]. The vulnerability has received CVE number CVE-2020-9291 [1, 3].</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability, discovered by Lasse Trolle Borup of Danish Cyber Defence, allows a local user to gain elevated privileges by exhausting the pool of temporary file names combined with a symbolic link attack [2]. This vulnerability can be exploited locally. The attacker must have valid authentication credentials and successfully authenticate on the system. At the time of publication, no exploit is publicly available.</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability affects Fortinet FortiClient for Windows version 6.2.1 and earlier.</p><h2 id=\"recommendations\">Recommendations</h2><p>Upgrade to FortiClient for Windows version 6.2.2 or later.</p><p>If upgrading is not possible, the vulnerability can be mitigated by restricting access to affected computers to trusted individuals only.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://fortiguard.com/psirt/FG-IR-20-040\">https://fortiguard.com/psirt/FG-IR-20-040</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.cybersecurity-help.cz/vdb/SB2020052615\">https://www.cybersecurity-help.cz/vdb/SB2020052615</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9291\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9291</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}