Unsafe Search Path Vulnerability in FortiClient EMS by Fortinet
CVE-2020-9287

7.8HIGH

Key Information:

Vendor
Fortinet
Status
Fortinet Forticlient Ems
Vendor
CVE Published:
15 March 2020

Summary

An unsafe search path vulnerability allows a local attacker who controls the directory containing the FortiClientEMSOnlineInstaller.exe to introduce malicious Filter Library DLL files. This could lead to unauthorized arbitrary code execution on the targeted system, posing significant security risks.

Affected Version(s)

Fortinet FortiClient EMS 6.2.1 and below

References

https://fortiguard.com/psirt/FG-IR-19-060
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.