CVE-2020-15941
published 2021-10-06CVE-2020-15941: A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory…
medium5.4CVSS 3.1
AVNACLPRLUINSUCNILAL
A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient_endpoint_management_server | < 6.2.9 | 6.2.9 |
| fortinet | forticlient_endpoint_management_server | >= 6.4.0 < 6.4.2 | 6.4.2 |
| fortinet | forticlientems | — | — |
| fortinet | forticlientendpointmanagementserver | — | — |
| fortinet | fortinet_forticlientems | — | — |