Unquoted Service Path Vulnerability in FortiSIEM Windows Agent by Fortinet
CVE-2020-9292

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortinet Fortisiemwindowsagent
Vendor: CVE Published:; 4 June 2020

What is CVE-2020-9292?

An unquoted service path vulnerability exists in the FortiSIEM Windows Agent, specifically within the AoWinAgt executable. This flaw could potentially allow an attacker to execute malicious code with elevated privileges by manipulating the service path, leading to unauthorized access and control over affected systems. Organizations using this product should assess their exposure and implement mitigations to safeguard against potential exploitation.

Affected Version(s)

Fortinet FortiSIEMWindowsAgent FortiSIEMWindowsAgent 3.1.2

References

https://fortiguard.com/advisory/FG-IR-20-021

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2020
Vulnerability Reserved
Feb 19, 2020