all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiClient (Windows) - Privilege Escalation via directory traversal attack

Add to bookmarks
July 5, 2022, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

A relative path traversal vulnerability [CWE-23] in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.

attack directory directory traversal escalation privilege privilege escalation windows

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 2 weeks, 1 day ago | fortiguard.fortinet.com
actor attacker cwe device +17
FortiSandbox - Arbitrary file read on endpoint 2 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary files attacker cwe directory +12
FortiNAC-F - Lack of certificate validation 2 weeks, 1 day ago | fortiguard.fortinet.com
attack attacker certificate channel +12
FortiOS - Format String in CLI command 2 weeks, 1 day ago | fortiguard.fortinet.com
access admin arbitrary code attacker +16
FortiOS & FortiProxy - administrator cookie leakage 2 weeks, 1 day ago | fortiguard.fortinet.com
administrator attacker conditions cookie +10
FortiSandbox - Arbitrary file delete on endpoint 2 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary files attacker cwe delete +13
FortiClientMac - Lack of configuration file validation 2 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary code attacker code configuration +15
FortiManager - Code Injection via Jinja Template 2 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary code attacker code code injection +11
FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 2 weeks, 1 day ago | fortiguard.fortinet.com
access admin arbitrary code arbitrary code execution +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Level 1 SOC Analyst

@ Telefonica Tech | Dublin, Ireland
View on infosec-jobs.com

Specialist, Database Security

@ OP Financial Group | Helsinki, FI
View on infosec-jobs.com

Senior Manager, Cyber Offensive Security

@ Edwards Lifesciences | Poland-Remote
View on infosec-jobs.com

Information System Security Officer

@ Booz Allen Hamilton | USA, AL, Huntsville (4200 Rideout Rd SW)
View on infosec-jobs.com

Senior Security Analyst - Protective Security (Open to remote across ANZ)

@ Canva | Sydney, Australia
View on infosec-jobs.com
View more jobs