CVE-2020-15934 — Improper Privilege Management in Fortinet Forticlient

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.8HIGHNVD

CNA8.8

EPSS

0.1%

top 79.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlientlinux

Timeline

PublishedDec 19

Description

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fortinet/forticlientlinux6.2.6 — 6.2.7+4

▶NVDfortinet/forticlient6.0.0 — 6.2.8+1

🔴Vulnerability Details

CVEList

CVE-2020-15934: An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6↗2024-12-19

▶

GHSA

GHSA-8prr-359h-f8c7: An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6↗2024-12-19

▶

📋Vendor Advisories

Fortinet

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and bel...↗2024-12-19

▶