CVE-2020-9291

Summary

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiClient for WindowsFortiClient for Windows 6.2.1 and earlier and FortiClient for Windows 6.0.9 and earlieraffected

Weaknesses

  • Improper Access Control, Privilege Escalation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References