Executive Risk Summary
"A local low-privilege attacker may exploit the 'Link Following' vulnerability in FortiClient to perform an arbitrary file write with elevated permissions. This vulnerability affects FortiClientWindows versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.12, and all versions of 7.0."
Operational Audit Arsenal
Target Type Executable
Target Asset FortiClient.exe
Standard Path %ProgramFiles%\Fortinet\FortiClient
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: FortiClient.exe (Executable)
$Targets = 'FortiClient.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}Patch Impact Forecast
Reboot Required Likely
Network and security services may be affected
Internal Work Notes
Apply FortiClient update to mitigate arbitrary file write vulnerability with elevated permissions
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Related Fortinet Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.