Path traversal

2023-09-1313:15:00

PRIOn knowledge base

www.prio-n.com

path traversal

unauthorized access

forticlientems

version management

environment variables

nvd

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.

CPENameOperatorVersion
forticlient_endpoint_management_serverge6.2.0
forticlient_endpoint_management_serverle6.2.9
forticlient_endpoint_management_serverge7.0.6
forticlient_endpoint_management_serverle7.0.7
forticlient_endpoint_management_serverge7.0.0
forticlient_endpoint_management_serverle7.0.4
forticlient_endpoint_management_serverge6.4.0
forticlient_endpoint_management_serverle6.4.9

Name	Operator	Version
forticlient_endpoint_management_server	ge	6.2.0
forticlient_endpoint_management_server	le	6.2.9
forticlient_endpoint_management_server	ge	7.0.6
forticlient_endpoint_management_server	le	7.0.7
forticlient_endpoint_management_server	ge	7.0.0
forticlient_endpoint_management_server	le	7.0.4
forticlient_endpoint_management_server	ge	6.4.0
forticlient_endpoint_management_server	le	6.4.9

References

fortiguard.com/psirt/FG-IR-21-244