=====================================================================
CERT-Renater Information Note No. 2021/VULN633
_____________________________________________________________________
DATE : 30/11/2021
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running FortiClient or FortiClient EMS versions prior to 7.0.1 / 6.4.7.
=====================================================================
https://www.fortiguard.com/psirt/FG-IR-21-088
_____________________________________________________________________

FortiClientWindows & FortiClient EMS - Privilege escalation via DLL Hijacking

Summary

An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL hijack attack on affected devices via a malicious OpenSSL engine library placed in the search path.

Affected Products

FortiClient 7.0.0
FortiClient 6.4.6 and below
FortiClient 6.2.x
FortiClient 6.0.x
FortiClient EMS 7.0.0
FortiClient EMS 6.4.6 and below
FortiClient EMS 6.2.x
FortiClient EMS 6.0.x

Solutions

Please upgrade to FortiClient 7.0.1 or above.
Please upgrade to FortiClient 6.4.7 or above.
Please upgrade to FortiClient EMS 7.0.1 or above.
Please upgrade to FortiClient EMS 6.4.7 or above.

Acknowledgement

Fortinet is pleased to thank independent researcher AmeenBasha M K, and Ammarit Thongthua and Sumedt Jitpukdebodin of the Secure D Research team, for reporting this vulnerability under responsible disclosure.

=========================================================
+ CERT-RENATER         | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel     | fax : 01-53-94-20-41            +
+ 75013 Paris          | email:cert@support.renater.fr   +
=========================================================
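The affected and fixed versions above translate directly into a triage rule for an endpoint inventory. The following script is an added example written for this note; it is not code from CERT-Renater or Fortinet. It encodes only the branches the advisory names (6.0.x and 6.2.x affected with no fixed release of their own, 6.4.x fixed at 6.4.7, 7.0.x fixed at 7.0.1) and, as an assumption, reports any other branch as "not listed" rather than guessing. The inventory lines (host, product, version) are constructed sample data.

```python
"""Triage FortiClient / FortiClient EMS versions against FG-IR-21-088.

Added example for the CERT-Renater note; not Fortinet's or CERT-Renater's code.
"""
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Branches with a fixed release named in the advisory: (major, minor) -> first fixed build.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (6, 4): (6, 4, 7),
    (7, 0): (7, 0, 1),
}

# Branches the advisory lists as affected without a fixed release of their own;
# the remediation is to move to 6.4.7+ or 7.0.1+.
BRANCHES_WITHOUT_FIX = {(6, 0), (6, 2)}

# Product names the advisory covers (anything else is skipped during triage).
COVERED_PRODUCTS = {"FortiClient", "FortiClient EMS"}


def parse_version(text: str) -> Version:
    """Turn '6.4.6' (or '6.4') into a three-component tuple for ordered comparison."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return (parts + (0, 0))[:3]  # pad '6.4' to (6, 4, 0)


def assess(version: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one FortiClient / EMS version."""
    v = parse_version(version)
    branch = v[:2]
    if branch in BRANCHES_WITHOUT_FIX:
        return "affected"
    if branch in FIXED_VERSIONS:
        return "fixed" if v >= FIXED_VERSIONS[branch] else "affected"
    # Assumption: branches the advisory does not mention (e.g. 5.x or 7.2+) are
    # reported as not listed so the reader checks them against the vendor page.
    return "not listed"


def triage_inventory(inventory: str) -> Dict[str, str]:
    """Map each host in a 'host,product,version' listing to its FG-IR-21-088 status.

    Hosts running products the advisory does not cover are skipped.
    """
    results: Dict[str, str] = {}
    for line in inventory.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(","))
        if product in COVERED_PRODUCTS:
            results[host] = assess(version)
    return results


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = """
ws-001,FortiClient,6.4.6
ws-002,FortiClient,7.0.0
ws-003,FortiClient,7.0.1
ems-01,FortiClient EMS,6.2.9
ems-02,FortiClient EMS,6.4.7
srv-09,FortiGate,7.0.2
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Running the block prints one status per covered host; hosts marked "affected" need the branch upgrade from the Solutions section, and "not listed" hosts should be compared against the vendor advisory before being closed out.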