
====================================================================

                             CERT-Renater

                  Information Note No. 2020/VULN343
_____________________________________________________________________

DATE                : 12/06/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows running FortiSIEMWindowsAgent versions
                     prior to 3.2.0.

=====================================================================
https://fortiguard.com/psirt/FG-IR-20-021
_____________________________________________________________________

Unquoted Service Path Exploit observed in FortiSIEMWindowsAgent


Summary

An unquoted service path vulnerability in the FortiSIEM Windows Agent
component may allow an attacker to gain elevated privileges via the
AoWinAgt executable service path.


Impact

Escalation of privilege


Affected Products

FortiSIEMWindowsAgent version 3.1.2 and below.


Solutions

Please upgrade to FortiSIEMWindowsAgent version 3.2.0 or above.
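
A read-only PowerShell audit for the condition described in the Summary,
given here as an added example that is not part of the Fortinet or
CERT-Renater advisory. The function name, the sample paths and the
"Example Vendor" directory are assumptions made for illustration; only the
AoWinAgt executable name comes from the advisory.

```powershell
# Added example (not from the advisory): read-only audit for unquoted service paths.

function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }   # executable path is quoted

    # Isolate the executable path: shortest prefix ending in ".exe" that is
    # followed by whitespace or end of string. Arguments after it are ignored.
    $m = [regex]::Match($p, '^(.+?\.exe)(?=\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }      # assumption: only .exe images are checked

    # A space inside an unquoted executable path makes the path ambiguous.
    return $m.Groups[1].Value.Contains(' ')
}

# Constructed sample values (hypothetical vendor path): an unquoted path with
# spaces, the same path quoted, and an unquoted path without spaces.
$samples = @(
    'C:\Program Files\Example Vendor\Agent\agent.exe -service',
    '"C:\Program Files\Example Vendor\Agent\agent.exe" -service',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live check: every service on this host whose path is unquoted and contains a space.
$findings = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    Select-Object Name, StartName, StartMode, State, PathName

$findings | Format-List

# The advisory names the AoWinAgt executable; list matching services with their
# current path so the agent can be checked before and after the upgrade.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'AoWinAgt' } |
    Select-Object Name, State, PathName,
        @{ n = 'Unquoted'; e = { Test-UnquotedServicePath $_.PathName } }
```

An empty result from the last query means no service on the host references
AoWinAgt; a row with Unquoted set to True after the upgrade warrants a
closer look at the installed agent version.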


Acknowledgement

Fortinet is pleased to thank Huw Pigott from Shearwater, a CyberCX
company, for reporting this vulnerability under responsible disclosure.

_____________________________________________________________________

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================





