CVE-2020-9292 — Unquoted Search Path or Element in Fortinet Fortisiem Windows Agent

CWE-428 — Unquoted Search Path or Element4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 33.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisiem Windows Agent Fortinet Fortisiemwindowsagent

Timeline

PublishedJun 4

Latest updateMay 24

Description

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortisiem_windows_agent3.1.2

▶CVEListV5fortinet/fortinet_fortisiemwindowsagentFortiSIEMWindowsAgent 3.1.2

🔴Vulnerability Details

GHSA

GHSA-qm43-fv69-q9v2: An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt exe↗2022-05-24

▶

CVEList

CVE-2020-9292: An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt exe↗2020-06-04

▶

📋Vendor Advisories

Fortinet

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated p...↗2020-06-04

▶