CVE-2022-42470: 
FortiClient vulnerability analysis and mitigation

A relative path traversal vulnerability (CWE-23) was discovered in Fortinet FortiClient for Windows versions 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.10. The vulnerability was disclosed on April 11, 2023, and allows a local low-privileged attacker to perform arbitrary file creation on the device filesystem (Fortinet Advisory).

The vulnerability is classified as a relative path traversal issue that enables unauthorized code execution or commands through crafted requests sent to a specific named pipe. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity and privilege requirements (NVD).

The vulnerability allows attackers to execute unauthorized code or commands and perform arbitrary file creation on the device filesystem, potentially compromising system security and integrity (Fortinet Advisory).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to FortiClient Windows version 7.2.0 or above, or alternatively to version 7.0.8 or above (Fortinet Advisory).

The vulnerability was responsibly disclosed by Daniel Hulliger from Armasuisse CYD Campus, demonstrating effective collaboration between security researchers and vendors (Fortinet Advisory).