CVE-2019-16152 — Improper Input Validation in Fortinet Forticlient

CWE-20 — Improper Input Validation CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 32.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlientlinux

Timeline

PublishedFeb 6

Latest updateMay 24

Description

A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5fortinet/fortinet_forticlientlinuxFortiClientLinux 6.2.1 and below

▶NVDfortinet/forticlient6.2.1

🔴Vulnerability Details

GHSA

GHSA-w9pw-cfwx-mjq5: A Denial of service (DoS) vulnerability in FortiClient for Linux 6↗2022-05-24

▶

CVEList

CVE-2019-16152: A Denial of service (DoS) vulnerability in FortiClient for Linux 6↗2020-02-06

▶

📋Vendor Advisories

Fortinet

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to ru...↗2020-02-06

▶