CVE-2019-17658

CRITICAL

FortiClient Windows <6.2.2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-17658. PoCs published by Ibonok.

AI-analyzed exploit summary: This repository provides a technical summary of CVE-2019-17658, an unquoted service path vulnerability in FortiClient for Windows. It details affected versions, patched versions, and references official sources but does not include a functional PoC.

Description

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path.

Exploits (1)

nomisec WRITEUP
by Ibonok · poc
https://github.com/Ibonok/CVE-2019-17658

Classification
Writeup: 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Theoretical
Target: FortiClient for Windows (versions 6.2.2 and below)
No auth needed
Prerequisites: Local access to the target system · Ability to place an executable in a path higher in the search order than the intended service path
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-19-281

Scores

CVSS v3 9.8
EPSS 0.0218
EPSS Percentile 80.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
fortinet/forticlient 6.0.0 - 6.0.9
Published Mar 12, 2020
Tracked Since Feb 18, 2026