Description
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
F
RL
X
RC
X
Affected products
- fortinet / forticlientlinux6.4.0 – 6.4.0
- fortinet / forticlientlinux6.2.6 – 6.2.7
- fortinet / forticlientlinux6.2.0 – 6.2.4
- fortinet / forticlientlinux6.0.8 – 6.0.8
- fortinet / forticlientlinux6.0.0 – 6.0.6
References
- VENDOR_ADVISORYhttps://www.fortiguard.com/psirt/FG-IR-20-110