CVE-2022-26113

2022-07-1914:15:08

CWE-269

[email protected]

web.nvd.nist.gov

forticlientwindows

vulnerability

cwe-250

arbitrary file write

nvd

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:F/RL:U/RC:C

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.

Affected configurations

NVD

Node

fortinetforticlientRange6.0.0–6.0.10windows

fortinetforticlientRange6.2.0–6.2.9windows

fortinetforticlientRange6.4.0–6.4.7windows

fortinetforticlientRange7.0.0–7.0.3windows

CPENameOperatorVersion
fortinet:forticlientfortinet forticlientle6.0.10
fortinet:forticlientfortinet forticlientle6.2.9
fortinet:forticlientfortinet forticlientle6.4.7
fortinet:forticlientfortinet forticlientle7.0.3

CPE	Name	Operator	Version
fortinet:forticlient	fortinet forticlient	le	6.0.10
fortinet:forticlient	fortinet forticlient	le	6.2.9
fortinet:forticlient	fortinet forticlient	le	6.4.7
fortinet:forticlient	fortinet forticlient	le	7.0.3

CNA Affected

[
  {
    "product": "Fortinet FortiClientWindows",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10"
      }
    ]
  }
]