{"containers": {"cna": {"affected": [{"product": "Fortinet FortiClientLinux", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "FortiClientLinux 6.2.1 and below"}]}], "descriptions": [{"lang": "en", "value": "A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated."}], "problemTypes": [{"descriptions": [{"description": "Escalation of privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-07T16:05:15.000Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/psirt/FG-IR-19-238"}, {"tags": ["x_refsource_MISC"], "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-16152", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiClientLinux", "version": {"version_data": [{"version_value": "FortiClientLinux 6.2.1 and below"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of privilege"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/psirt/FG-IR-19-238", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-19-238"}, {"name": "https://danishcyberdefence.dk/blog/forticlient_linux", "refsource": "MISC", "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:10:41.743Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/psirt/FG-IR-19-238"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T13:59:32.641067Z", "id": "CVE-2019-16152", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:03:38.520Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-16152", "datePublished": "2020-02-06T15:27:36.000Z", "dateReserved": "2019-09-09T00:00:00.000Z", "dateUpdated": "2024-10-25T14:03:38.520Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-238", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://danishcyberdefence.dk/blog/forticlient_linux", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:10:41.743Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-16152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T13:59:32.641067Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:00:44.498Z"}}], "cna": {"affected": [{"vendor": "Fortinet", "product": "Fortinet FortiClientLinux", "versions": [{"status": "affected", "version": "FortiClientLinux 6.2.1 and below"}]}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-238", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://danishcyberdefence.dk/blog/forticlient_linux", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2020-02-07T16:05:15.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiClientLinux 6.2.1 and below"}]}, "product_name": "Fortinet FortiClientLinux"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-19-238", "name": "https://fortiguard.com/psirt/FG-IR-19-238", "refsource": "CONFIRM"}, {"url": "https://danishcyberdefence.dk/blog/forticlient_linux", "name": "https://danishcyberdefence.dk/blog/forticlient_linux", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of privilege"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-16152", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2019-16152", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:03:38.520Z", "dateReserved": "2019-09-09T00:00:00.000Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2020-02-06T15:27:36.000Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", "matchCriteriaId": "E48E9C78-9690-4FC2-86A8-290DF7321A57", "versionEndIncluding": "6.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated."}, {"lang": "es", "value": "Una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en FortiClient para Linux versiones 6.2.1 y posteriores, puede permitir a un usuario con privilegios bajos causar que los procesos de FortiClient se ejecuten bajo bloqueos de los privilegios root mediante el env\u00edo de peticiones del cliente IPC especialmente dise\u00f1adas hacia el proceso fctsched debido a que el nanomsg no ha sido validado correctamente."}], "id": "CVE-2019-16152", "lastModified": "2024-11-21T04:30:09.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-06T16:15:12.277", "references": [{"source": "psirt@fortinet.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}, {"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-238"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}