CNNVD-202511-2031 Information

CNNVD ID

CNNVD-202511-2031

CVE-2025-46373

  • CNNVD Published: 2025-11-18

Description

Fortinet FortiClientWindows is a mobile endpoint security solution for the Windows platform from Fortinet (USA). When connected to a FortiGate firewall appliance, it provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication. Fortinet FortiClientWindows versions 7.4.0 through 7.4.3 and 7.2.0 through 7.2.8 contain a security vulnerability caused by a heap buffer overflow in fortips_74.sys, which may allow a local IPSec user to execute arbitrary code.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Fortinet

Published

2025-11-18

Last Modified

2026-02-24

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-125
https://access.redhat.com/security/cve/cve-2025-46373
https://vigilance.fr/vulnerability/FortiClientWindows-buffer-overflow-via-Fortips-Driver-48805

Patch

https://fortiguard.fortinet.com/psirt/FG-IR-25-125
