CVE-2019-5589 — Untrusted Search Path in Fortinet Forticlient

CWE-426 — Untrusted Search Path CWE-427 — Uncontrolled Search Path Element4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 30.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlient FOR Windows

Timeline

PublishedMay 28

Latest updateMay 24

Description

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fortinet/fortinet_forticlient_for_windowsFortiClient for Windows version below 6.0.6

▶NVDfortinet/forticlient< 6.0.6

🔴Vulnerability Details

GHSA

GHSA-mpgm-cx4r-632r: An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6↗2022-05-24

▶

CVEList

CVE-2019-5589: An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6↗2019-05-28

▶

📋Vendor Advisories

Fortinet

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthen...↗2019-05-28

▶