---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'FortiClient for Windows Privilege Escalation Vulnerability'
version: '1.0'
number: '2020-028'
date: 'May 26, 2020'
---

_History:_

* _26/05/2020 --- v1.0 -- Initial publication_

# Summary

Fortinet FortiClient for Windows is affected by a local privilege-escalation vulnerability [1]. The vulnerability has been assigned CVE-2020-9291 [1, 3].

# Technical Details

The vulnerability, discovered by Lasse Trolle Borup of Danish Cyber Defence, allows a local user to gain elevated privileges by exhausting the pool of temporary file names combined with a symbolic link attack [2].

This vulnerability can only be exploited locally: an attacker must hold valid credentials and successfully authenticate to the system. No exploit is publicly available at the time of writing.

# Affected Products

This vulnerability affects Fortinet FortiClient for Windows version 6.2.1 and earlier.

# Recommendations

Upgrade to FortiClient for Windows version 6.2.2 or later.

If upgrading is not possible, the vulnerability can be mitigated by restricting access to affected computers to trusted individuals only.

# References

[1]

[2]

[3]
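As an added example that is not part of the CERT-EU advisory, the following PowerShell snippet inventories FortiClient installations recorded in the standard Windows Uninstall registry keys on the local host and flags any version below 6.2.2 as affected by CVE-2020-9291. The registry locations, the `FortiClient*` DisplayName prefix and the parseable DisplayVersion format are assumptions about how the product registers itself, not facts taken from the advisory.

```powershell
# Added example (not part of the CERT-EU advisory): report installed FortiClient
# entries and whether they fall within the affected range (6.2.1 and earlier).
# Assumption: FortiClient registers under the usual Uninstall keys with a
# DisplayName beginning "FortiClient" and a DisplayVersion such as "6.2.1.0919".

$FixedVersion = [version]'6.2.2'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FortiClientStatus {
    [CmdletBinding()]
    param(
        [string[]]$Paths = $UninstallKeys,
        [version]$Fixed  = $FixedVersion
    )

    Get-ItemProperty -Path $Paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'FortiClient*' } |
        ForEach-Object {
            $parsed = $null
            # [version] needs at least "major.minor"; anything that does not parse
            # is reported as unknown rather than silently treated as safe.
            $isVersion = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)

            $status = if (-not $isVersion) {
                'Unknown version - verify manually'
            } elseif ($parsed -lt $Fixed) {
                'Affected (CVE-2020-9291) - upgrade to 6.2.2 or later'
            } else {
                'Not affected'
            }

            [pscustomobject]@{
                ComputerName   = $env:COMPUTERNAME
                DisplayName    = $_.DisplayName
                DisplayVersion = $_.DisplayVersion
                Status         = $status
            }
        }
}

Get-FortiClientStatus | Format-Table -AutoSize
```

Run it under an account that can read HKLM; on a fleet, wrap `Get-FortiClientStatus` in `Invoke-Command` against a list of hosts and export the objects to CSV for tracking the upgrade.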