FortiClient VPN Upgrade Required on Remote Computers

Threat Level: Medium
Threat Type: Privilege Escalation
Advisory Date: 07/13/2023

Description

FortiClient is the VPN client used by the University of Regina to allow external users to connect to internal network resources.

Systems which have the FortiClient VPN application installed require an upgrade to the most recent version.

There are multiple vulnerabilities in previous versions of FortiClient. Threat actors may be able to abuse these flaws to gain privileged access to your computer in order to steal data, passwords, or install malware. 

Impact

If you use a computer with FortiClient VPN to connect to the University while working from home or other locations, these vulnerabilities will likely be present in your installed version of FortiClient.

FortiClient will require an update to the newest version to remove the vulnerabilities.

FortiClient is installed on home and unmanaged systems which are used to connect to the University of Regina network. 

FortiClient for Windows, Mac OS, and Linux are all impacted.

Impacted FortiClient versions include FortiClient 7.0.1 and below.

To determine if your installed version of FortiClient requires an upgrade, please follow the instructions below:

Determine Installed Version of FortiClient

  1. Launch FortiClient
  2. Click the (i) icon in the upper right corner

[Image: FortiClient VPN banner]

The installed version will be displayed, for example:

[Image: FortiClient VPN version - minimum 7.0]

  3. Compare your current version to the list above.  If you have an impacted version (less than 7.0.1), please upgrade.  The recommended installation is FortiClient 7.0.2 or above.
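
For support staff checking many remote computers at once, the comparison in step 3 can be scripted. The following is an added example, not code from the University or Fortinet: it assumes the version strings have already been collected, uses the "7.0.1 and below" threshold from the Impact section, and the hostnames and the four-part build form in the sample data are constructed.

```python
import re

# Threshold from the advisory: FortiClient 7.0.1 and below is impacted,
# 7.0.2 or above is the recommended installation.
LAST_IMPACTED = (7, 0, 1)

# Constructed sample inventory: (hostname, version string as reported).
SAMPLE_INVENTORY = [
    ("home-laptop-01", "7.0.1"),
    ("home-laptop-02", "7.0.2"),
    ("home-mac-03", "6.4.10"),
    ("home-pc-04", "7.0.10"),
    ("home-pc-05", "FortiClient VPN 7.0.1.0083"),  # assumed build-suffix form
    ("home-linux-06", "7.2"),
    ("home-pc-07", "unknown"),
]

# First dotted number in the text; the third component is optional.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) as integers, or None if no version is found.

    Only the first three components are kept, so a trailing build number
    (e.g. 7.0.1.0083) cannot make an impacted release compare as newer
    than 7.0.1. A missing patch component is treated as 0.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return (int(major), int(minor), int(patch))


def classify(text):
    """Classify one version string as 'impacted', 'ok' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # needs a manual check via the (i) icon
    # Integer tuples compare numerically, so 7.0.10 sorts above 7.0.2.
    return "impacted" if version <= LAST_IMPACTED else "ok"


def triage(inventory):
    """Map each hostname to its classification."""
    return {host: classify(version) for host, version in inventory}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```

Hosts reported as "unknown" should be checked by hand using the steps above.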

Resolution

Please upgrade to the latest FortiClient offered from Fortinet.

The process for upgrading FortiClient is to re-install FortiClient by following the instructions at https://www.uregina.ca/is/common/ur/technotes/569.html.

Resources

If you need assistance in determining if the version of FortiClient installed on your computer requires updates, or installing the most recent version of FortiClient, please contact:

Email: IT.Support@uregina.ca
Phone: 306-585-4685
Toll-free in Canada: 1-844-585-4685

Additional Resources:

How to Install FortiClient VPN on Windows and Mac https://www.uregina.ca/is/common/ur/technotes/569.html

https://nvd.nist.gov/vuln/detail/CVE-2021-32592

https://www.cvedetails.com/vulnerability-list/vendor_id-3080/product_id-25405/Fortinet-Forticlient.html