CVE-2020-9290
Last modified
CVE-2020-9290 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Forticlient | <= 6.2.3 |
| Fortinet | Forticlient Virtual Private Network | <= 6.2.3 |
References
- https://fortiguard.com/psirt/FG-IR-19-060 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
