SB2020031538 - Insecure DLL loading in Fortinet FortiClient for Windows and FortiClient VPN
Published: March 15, 2020 Updated: October 6, 2020
Security Bulletin ID
SB2020031538
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Insecure DLL loading (CVE-ID: CVE-2020-9290)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides can execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
Remediation
Install update from vendor's website.