Search
Find a vulnerability
Search criteria
10 vulnerabilities found for Fortinet FortiClient for Windows by Fortinet
CVE-2020-9291 (GCVE-0-2020-9291)
Vulnerability from nvd – Published: 2020-06-01 18:39 – Updated: 2024-10-25 14:01
VLAI
Summary
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Improper Access Control, Privilege Escalation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-20-040 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
FortiClient for Windows 6.2.1 and earlier and FortiClient for Windows 6.0.9 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-040"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:59:15.726193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:01:40.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiClient for Windows 6.2.1 and earlier and FortiClient for Windows 6.0.9 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control, Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-12T14:16:37.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2020-9291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "FortiClient for Windows 6.2.1 and earlier and FortiClient for Windows 6.0.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Adjacent",
"availabilityImpact": "Low",
"baseScore": 6.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control, Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-20-040",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-20-040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2020-9291",
"datePublished": "2020-06-01T18:39:42.000Z",
"dateReserved": "2020-02-19T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:01:40.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9290 (GCVE-0-2020-9290)
Vulnerability from nvd – Published: 2020-03-15 21:52 – Updated: 2024-10-25 14:26
VLAI
Summary
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Execute unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-19-060 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
6.2.3 and below
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-060"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:42.827614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:26:32.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.2.3 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T21:52:05.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2020-9290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "6.2.3 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-19-060",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-19-060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2020-9290",
"datePublished": "2020-03-15T21:52:05.000Z",
"dateReserved": "2020-02-19T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:26:32.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9191 (GCVE-0-2018-9191)
Vulnerability from nvd – Published: 2019-05-30 16:27 – Updated: 2024-10-25 14:29
VLAI
Summary
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Execute unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-18-108 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
6.0.4 and earlier
|
Date Public
2018-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-9191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:54.701165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:29:42.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.0.4 and earlier"
}
]
}
],
"datePublic": "2018-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T16:27:18.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2018-9191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "6.0.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-18-108",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2018-9191",
"datePublished": "2019-05-30T16:27:18.000Z",
"dateReserved": "2018-04-02T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:29:42.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13368 (GCVE-0-2018-13368)
Vulnerability from nvd – Published: 2019-05-30 16:27 – Updated: 2024-10-25 14:29
VLAI
Summary
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Execute unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-18-108 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
6.0.4 and earlier
|
Date Public
2018-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-13368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:53.448642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:29:31.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.0.4 and earlier"
}
]
}
],
"datePublic": "2018-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T16:27:34.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2018-13368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "6.0.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-18-108",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2018-13368",
"datePublished": "2019-05-30T16:27:34.000Z",
"dateReserved": "2018-07-06T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:29:31.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5589 (GCVE-0-2019-5589)
Vulnerability from nvd – Published: 2019-05-28 21:42 – Updated: 2024-10-25 14:30
VLAI
Summary
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Unauthorized code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-19-060 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
FortiClient for Windows version below 6.0.6
|
Date Public
2019-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-060"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-5589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:55.925107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:30:07.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiClient for Windows version below 6.0.6"
}
]
}
],
"datePublic": "2019-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-28T21:42:19.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-5589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "FortiClient for Windows version below 6.0.6"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-19-060",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-19-060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-5589",
"datePublished": "2019-05-28T21:42:19.000Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:30:07.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9291 (GCVE-0-2020-9291)
Vulnerability from cvelistv5 – Published: 2020-06-01 18:39 – Updated: 2024-10-25 14:01
VLAI
Summary
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Improper Access Control, Privilege Escalation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-20-040 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
FortiClient for Windows 6.2.1 and earlier and FortiClient for Windows 6.0.9 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-040"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:59:15.726193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:01:40.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiClient for Windows 6.2.1 and earlier and FortiClient for Windows 6.0.9 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control, Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-12T14:16:37.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2020-9291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "FortiClient for Windows 6.2.1 and earlier and FortiClient for Windows 6.0.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Adjacent",
"availabilityImpact": "Low",
"baseScore": 6.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control, Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-20-040",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-20-040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2020-9291",
"datePublished": "2020-06-01T18:39:42.000Z",
"dateReserved": "2020-02-19T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:01:40.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9290 (GCVE-0-2020-9290)
Vulnerability from cvelistv5 – Published: 2020-03-15 21:52 – Updated: 2024-10-25 14:26
VLAI
Summary
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Execute unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-19-060 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
6.2.3 and below
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-060"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:42.827614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:26:32.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.2.3 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T21:52:05.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-19-060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2020-9290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "6.2.3 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-19-060",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-19-060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2020-9290",
"datePublished": "2020-03-15T21:52:05.000Z",
"dateReserved": "2020-02-19T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:26:32.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13368 (GCVE-0-2018-13368)
Vulnerability from cvelistv5 – Published: 2019-05-30 16:27 – Updated: 2024-10-25 14:29
VLAI
Summary
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Execute unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-18-108 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
6.0.4 and earlier
|
Date Public
2018-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-13368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:53.448642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:29:31.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.0.4 and earlier"
}
]
}
],
"datePublic": "2018-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T16:27:34.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2018-13368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "6.0.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-18-108",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2018-13368",
"datePublished": "2019-05-30T16:27:34.000Z",
"dateReserved": "2018-07-06T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:29:31.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9191 (GCVE-0-2018-9191)
Vulnerability from cvelistv5 – Published: 2019-05-30 16:27 – Updated: 2024-10-25 14:29
VLAI
Summary
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Execute unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-18-108 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
6.0.4 and earlier
|
Date Public
2018-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-9191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:54.701165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:29:42.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "6.0.4 and earlier"
}
]
}
],
"datePublic": "2018-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T16:27:18.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2018-9191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "6.0.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-18-108",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-18-108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2018-9191",
"datePublished": "2019-05-30T16:27:18.000Z",
"dateReserved": "2018-04-02T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:29:42.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5589 (GCVE-0-2019-5589)
Vulnerability from cvelistv5 – Published: 2019-05-28 21:42 – Updated: 2024-10-25 14:30
VLAI
Summary
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Unauthorized code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-19-060 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiClient for Windows |
Affected:
FortiClient for Windows version below 6.0.6
|
Date Public
2019-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-060"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-5589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:03:55.925107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:30:07.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiClient for Windows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiClient for Windows version below 6.0.6"
}
]
}
],
"datePublic": "2019-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-28T21:42:19.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-19-060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2019-5589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "FortiClient for Windows version below 6.0.6"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-19-060",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-19-060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-5589",
"datePublished": "2019-05-28T21:42:19.000Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:30:07.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}