CVE-2019-17652 — Out-of-bounds Write in Fortinet Forticlient

CWE-787 — Out-of-bounds Write CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 32.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlientlinux

Timeline

PublishedFeb 6

Latest updateMay 24

Description

A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5fortinet/fortinet_forticlientlinuxFortiClientLinux 6.2.1 and below

▶NVDfortinet/forticlient6.2.1

🔴Vulnerability Details

GHSA

GHSA-j454-8m43-mvvq: A stack buffer overflow vulnerability in FortiClient for Linux 6↗2022-05-24

▶

CVEList

CVE-2019-17652: A stack buffer overflow vulnerability in FortiClient for Linux 6↗2020-02-06

▶

📋Vendor Advisories

Fortinet

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to ru...↗2020-02-06

▶