Lucene search

K
cveFortinetCVE-2019-15711
HistoryFeb 06, 2020 - 4:15 p.m.

CVE-2019-15711

2020-02-0616:15:12
fortinet
web.nvd.nist.gov
29
cve-2019-15711
forticlient
linux
privilege escalation
vulnerability
nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

20.2%

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted “ExportLogs” type IPC client requests to the fctsched process.

Affected configurations

Nvd
Node
fortinetforticlientRange6.2.1linux
VendorProductVersionCPE
fortinetforticlientcpe:/a:fortinet:forticlient::::

CNA Affected

[
  {
    "product": "Fortinet FortiClientLinux",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiClientLinux 6.2.1 and below"
      }
    ]
  }
]

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

20.2%

Related for CVE-2019-15711