FortiClient IOCTL Bypass

HIGH (7.8) Patch Available
cwe-782forticlientwindowsfortinethigh-severity-vulnerabilitylocal-authentication-bypasswindows-vpn-client

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 3%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

FortiClient is a VPN client software used by some organizations to secure remote connections. This vulnerability allows an authenticated local user to execute unauthorized code via the fortips driver, potentially leading to arbitrary memory writes and privilege escalation.

Am I affected?

Affected versions: 7.4.3, 7.2.9

Affected Products

Fortinet / FortiClient Windows

How to fix

  1. Upgrade to FortiClient 7.4.4 or above from the official Fortinet website.
  2. Immediate mitigations:
  3. Restrict network access to your FortiClient instance (firewall it from the public internet)
  4. Audit admin account activity for suspicious access patterns
  5. Monitor for unauthorized token creation

References