CNNVD-202511-2028 Information
CNNVD ID
CNNVD-202511-2028
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
Fortinet FortiClientWindows是美国飞塔(Fortinet)公司的一套基于Windows平台的移动终端安全解决方案。该方案与FortiGate防火墙设备连接时可提供IPsec和SSL加密、广域网优化、终端合规和双因子认证等功能。 Fortinet FortiClientWindows 7.4.0版本至7.4.3版本和7.2.0版本至7.2.9版本存在安全漏洞,该漏洞源于fortips驱动程序访问控制不足,可能导致本地用户执行未授权代码。
Description (English)
Fortinet Forest Windows is a mobile terminal security solution based on the Windows platform of Fortinet. The program, when connected to FortiGate firewall equipment, provides the functionality of IPsec and SSL encryption, wide area network optimization, terminal compliance and dual-factor authentication. There is a security loophole between Fortinet fortiClitWindows versions 7.4.0 and 7.2.0 to 7.2.9, which stems from inadequate access controls of the Fortips driver, which may lead local users to implement unauthorized codes.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
飞塔
Published
2025-11-18
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-112 https://access.redhat.com/security/cve/cve-2025-47761 https://vigilance.fr/vulnerability/FortiClientWindows-privilege-escalation-via-Fortips-Driver-IOCTL-48806
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-112
Share on: