Lucene search
China National Vulnerability DatabaseCNVD-2023-98182HistoryNov 17, 2023 - 12:00 a.m.
Fortinet FortiClient Path Traversal Vulnerability (CNVD-2023-98182)
2023-11-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
forticlient
path traversal
vulnerability
fortinet
dll hijacking
attack
openssl engine
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A path traversal vulnerability exists in Fortinet FortiClient, which stems from the presence of an untrusted search path. An attacker could use this vulnerability to perform a DLL hijacking attack via a malicious OpenSSL engine library in the search path.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fortinet forticlientwindows | eq | 7.0.9 | |
| fortinet forticlientwindows | eq | 7.2.0 | |
| fortinet forticlientwindows | eq | 7.2.1 |
Related
cve
cve
CVE-2023-41840
2023-11-14 18:15:53
nvd
nvd
CVE-2023-41840
2023-11-14 18:15:53
nessus
nessus
Fortinet FortiClient (FG-IR-23-274)
2024-06-14 00:00:00
cvelist
cvelist
CVE-2023-41840
2023-11-14 18:04:55
prion
prion
Design/Logic Flaw
2023-11-14 18:15:00