CVE-2019-17658

9.8CRITICAL

Key Information:

Vendor
Fortinet
Status
Fortinet Forticlientwindows
Vendor
CVE Published:
12 March 2020

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.

Affected Version(s)

Fortinet FortiClientWindows 6.2.2 and prior

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-17658
Created by Ibonok

References

https://fortiguard.com/advisory/FG-IR-19-281
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability Reserved

.