An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.
2023-06-13T09:15:14.420
2024-11-21T07:08:30.657
Modified
CVSSv3.1: 7.0 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | forticlient | ≤ 6.4.8 | Yes |
| Application | fortinet | forticlient | ≤ 7.0.6 | Yes |
| Application | fortinet | forticonverter | ≤ 6.0.3 | Yes |
| Application | fortinet | forticonverter | 6.2.0 | Yes |
| Application | fortinet | forticonverter | 6.2.1 | Yes |
| Application | fortinet | forticonverter | 7.0.0 | Yes |