CVE-2018-9191Improper Privilege Management in Fortinet Forticlient

4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 84.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Forticlient FOR Windows
Timeline
PublishedMay 30
Latest updateMay 24

Description

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5fortinet/fortinet_forticlient_for_windows6.0.4 and earlier

🔴Vulnerability Details

2
GHSA
GHSA-3c4j-chc9-8m6m: A local privilege escalation in Fortinet FortiClient for Windows 62022-05-24
CVEList
CVE-2018-9191: A local privilege escalation in Fortinet FortiClient for Windows 62019-05-30

📋Vendor Advisories

1
Fortinet
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthoriz...2019-05-30
CVE-2018-9191 — Improper Privilege Management | cvebase