// For flags

CVE-2020-9290

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.

Una vulnerabilidad de Ruta de Búsqueda No Segura en FortiClient for Windows online installer versiones 6.2.3 y por debajo, puede permitir que un atacante local, con control sobre el directorio en el cual reside los archivos FortiClientOnlineInstaller.exe y FortiClientVPNOnlineInstaller.exe, ejecute código arbitrario en el sistema por medio una carga de archivos maliciosos de la Filter Library DLL en ese directorio.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-02-19 CVE Reserved
  • 2020-03-15 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-427: Uncontrolled Search Path Element
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://fortiguard.com/psirt/FG-IR-19-060 2020-03-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Fortinet
Search vendor "Fortinet"
 Forticlient
Search vendor "Fortinet" for product "Forticlient"
 <= 6.2.3
Search vendor "Fortinet" for product "Forticlient" and version " <= 6.2.3"
windows
Affected
Fortinet
Search vendor "Fortinet"
 Forticlient Virtual Private Network
Search vendor "Fortinet" for product "Forticlient Virtual Private Network"
 <= 6.2.3
Search vendor "Fortinet" for product "Forticlient Virtual Private Network" and version " <= 6.2.3"
windows
Affected