CVE-2021-36183: 
FortiClient vulnerability analysis and mitigation

An improper authorization vulnerability (CVE-2021-36183) was discovered in FortiClient for Windows, affecting versions 7.0.1 and below, as well as 6.4.2 and below. The vulnerability was initially published on November 2, 2021, and was assigned a high severity rating. This security flaw was identified by security researchers Dimitri Gasser, Nicola Stauffer, and Daniel Hulliger under responsible disclosure (Fortiguard PSIRT).

The vulnerability is classified as an improper authorization issue [CWE-285] that affects the named pipe responsible for FortiClient updates. The severity of this vulnerability has been assessed with a CVSSv3 score of 7.2, categorizing it as high severity (Fortiguard PSIRT).

If successfully exploited, this vulnerability allows a local unprivileged attacker to escalate their privileges to SYSTEM level access on the affected Windows system (NVD, Fortiguard Encyclopedia).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade FortiClient for Windows to version 6.4.3 or above for the 6.4.x branch, or version 7.0.2 or above for the 7.0.x branch (Fortiguard PSIRT).