CVE-2022-26113

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.1HIGH
EPSS
0.1%
top 68.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Fortinet Forticlientwindows
Timeline
PublishedJul 19
Latest updateJul 20

Description

An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 2.5 | Impact: 5.2

Affected Packages2 packages

CVEListV5fortinet/fortinet_forticlientwindowsFortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10
NVDfortinet/forticlient6.0.06.0.10+3

Patches

Patch: fortiguard.comPatch: fortiguard.com

🔴Vulnerability Details

2
GHSA
GHSA-44mg-h4h9-jj38: An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 72022-07-20
CVEList
CVE-2022-26113: An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 72022-07-18

📋Vendor Advisories

1
Fortinet
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 throug...2022-07-19
CVE-2022-26113 (HIGH CVSS 7.1) | An execution with unnecessary privi | cvebase.io