Fortinet's FortiClient is a VPN client software used to connect to secure networks. This vulnerability allows an authenticated local IPSec user to execute arbitrary code or commands on the system by exploiting a heap-based buffer overflow in the "fortips_74.sys" driver.
Affected versions: 7.4.3, 7.2.8
Upgrade to FortiClient Windows 7.4.4 or above from the official Fortinet website: https://www.fortinet.com/support-downloads
- Immediate mitigations:
- Restrict network access to your FortiClient instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation