CVE-2019-17658

CRITICAL

FortiClient Windows <6.2.2 - Privilege Escalation

Title source: llm

Description

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.

Exploits (1)

nomisec WRITEUP

by Ibonok · poc

https://github.com/Ibonok/CVE-2019-17658

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://fortiguard.com/advisory/FG-IR-19-281

Scores

CVSS v3 9.8

EPSS 0.0039

EPSS Percentile 60.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

fortinet/forticlient 6.0.0 - 6.0.9

Published Mar 12, 2020

Tracked Since Feb 18, 2026