An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Forticlient
APPFortinet6.0.0 – 6.0.96.2.0 – 6.2.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2023-45590CRITICAL9.6PL ✓ten sam produkt
Code injection w Fortinet FortiClientLinux umożliwiający RCE
CVE-2026-24018HIGH7.8ten sam produkt
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, Forti...
CVE-2025-62676HIGH7.1ten sam produkt
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fort...
CVE-2025-47761HIGH7.8ten sam produkt
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClien...
CVE-2025-46373HIGH7.8ten sam produkt
A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 throug...