CVE-2019-17658

CWE-428 | 4 documents | 4 sources
Severity: 9.8 CRITICAL
EPSS: 0.4% (top 39.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 12; Latest update May 24

Description

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: fortinet/fortinet_forticlientwindows, 6.2.2 and prior
NVD: fortinet/forticlient, 6.0.0, 6.0.9, +1

🔴 Vulnerability Details (2)

GHSA: GHSA-m95v-g4pm-pcq9: An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6 (2022-05-24)
CVEList: CVE-2019-17658: An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6 (2020-03-12)

📋 Vendor Advisories (1)

Fortinet: An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior all... (2020-03-12)