Stack Buffer Overflow in FortiClient for Linux by Fortinet
CVE-2019-17652

6.5MEDIUM

Key Information:

Vendor
Fortinet
Vendor
CVE Published:
6 February 2020

Summary

A stack buffer overflow vulnerability exists in FortiClient for Linux versions 6.2.1 and earlier, allowing a low-privilege user to send specially crafted IPC requests to the fctsched process. This improper sanitization of the argv data can lead to crashes in FortiClient processes running with root privileges, potentially disrupting the security features of the software.

Affected Version(s)

Fortinet FortiClientLinux FortiClientLinux 6.2.1 and below

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.