CVE-2020-9290: 
FortiClient vulnerability analysis and mitigation

A security vulnerability identified as CVE-2020-9290 was discovered in FortiClient version 6.2.3. The vulnerability was reported by an independent security researcher Honc (honcbb@gmail.com) and was disclosed in March 2020. This vulnerability affected Fortinet's FortiClient, FortiClientVPN, and FortiClientEMS Online Installer (Fortiguard PSIRT).

The vulnerability has been assigned a CVSS 3.0 score of 7.7 (High), with the following vector: I:H/AV:L/AC:L/S:U/PR:N/A:H/UI:R/C:H. The vulnerability is related to DLL hijacking issues in the antivirus software's installation framework (ManageEngine).

The implications of this vulnerability are significant as it could lead to full privilege escalation on the local system. Due to the high privilege level of security products, exploitation of this vulnerability could help malware sustain its foothold and cause more damage to the organization (Hacker News).

The vulnerability has been addressed by Fortinet through security updates. Users are advised to update their FortiClient software to the latest version to mitigate this vulnerability (Fortiguard PSIRT).

The vulnerability was part of a broader industry-wide discovery of security flaws in popular antivirus solutions. Security researchers from CyberArk highlighted that these types of vulnerabilities in security products pose higher risks than other applications due to their elevated privileges (GBHackers).