Fortinet FortiOS and FortiClient Antivirus Engine Vulnerability in RAR Archive Detection

Vulnerability

A vulnerability exists in Fortinet FortiOS 6.2 and 6.4, as well as FortiClient 6.2, all running specific versions of the antivirus engine. These products may fail to promptly detect certain malformed or non-standard RAR archives that could contain malicious files. In the case of FortiClient, the detection occurs during extraction through real-time scanning. For FortiGate, the detection is possible if Virus Outbreak Prevention is activated.

Impact

Exploitation of this vulnerability could lead to a delayed detection of malicious files contained within certain RAR archives, allowing potential threats to go unnoticed until after extraction.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

5.9

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

5.9

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiOS and FortiClient Antivirus Engine Vulnerability in RAR Archive Detection

Vulnerability

Impact

Affected Products

Fortinet FortiOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating