OpenCVE

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:C/A:C

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Forticlient

Configuration 1 [-]

cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*

No data.

References

Link	Providers
https://danishcyberdefence.dk/blog/forticlient_linux
https://fortiguard.com/psirt/FG-IR-19-238

History

Fri, 25 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2020-02-07T14:47:28

Updated: 2024-10-25T14:03:28.477Z

Reserved: 2019-09-09T00:00:00

Link: CVE-2019-16155

Vulnrichment

Updated: 2024-08-05T01:10:41.242Z

NVD

Status : Modified

Published: 2020-02-07T15:15:11.757

Modified: 2024-11-21T04:30:09.707

Link: CVE-2019-16155

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fortinet FortiClientLinux", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "FortiClientLinux 6.2.1 and below"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted \"BackupConfig\" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite."}], "problemTypes": [{"descriptions": [{"description": "Escalation of privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-07T16:05:46", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/psirt/FG-IR-19-238"}, {"tags": ["x_refsource_MISC"], "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-16155", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiClientLinux", "version": {"version_data": [{"version_value": "FortiClientLinux 6.2.1 and below"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted \"BackupConfig\" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of privilege"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/psirt/FG-IR-19-238", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-19-238"}, {"name": "https://danishcyberdefence.dk/blog/forticlient_linux", "refsource": "MISC", "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:10:41.242Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/psirt/FG-IR-19-238"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T13:59:31.046863Z", "id": "CVE-2019-16155", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:03:28.477Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-16155", "datePublished": "2020-02-07T14:47:28", "dateReserved": "2019-09-09T00:00:00", "dateUpdated": "2024-10-25T14:03:28.477Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-238", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://danishcyberdefence.dk/blog/forticlient_linux", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:10:41.242Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-16155", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T13:59:31.046863Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:00:42.782Z"}}], "cna": {"affected": [{"vendor": "Fortinet", "product": "Fortinet FortiClientLinux", "versions": [{"status": "affected", "version": "FortiClientLinux 6.2.1 and below"}]}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-238", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://danishcyberdefence.dk/blog/forticlient_linux", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted \"BackupConfig\" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2020-02-07T16:05:46"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiClientLinux 6.2.1 and below"}]}, "product_name": "Fortinet FortiClientLinux"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-19-238", "name": "https://fortiguard.com/psirt/FG-IR-19-238", "refsource": "CONFIRM"}, {"url": "https://danishcyberdefence.dk/blog/forticlient_linux", "name": "https://danishcyberdefence.dk/blog/forticlient_linux", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted \"BackupConfig\" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of privilege"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-16155", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2019-16155", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:03:28.477Z", "dateReserved": "2019-09-09T00:00:00", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2020-02-07T14:47:28", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", "matchCriteriaId": "E48E9C78-9690-4FC2-86A8-290DF7321A57", "versionEndIncluding": "6.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted \"BackupConfig\" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite."}, {"lang": "es", "value": "Una vulnerabilidad de escalada de privilegios en FortiClient para Linux versiones 6.2.1 y posteriores, puede permitir a un usuario con privilegios bajos sobrescribir los archivos del sistema como root con contenido arbitrario por medio del archivo de copia de seguridad del sistema mediante peticiones de cliente IPC tipo \"BackupConfig\" especialmente dise\u00f1adas para el proceso fctsched. Adem\u00e1s, FortiClient para Linux versiones 6.2.2 y posteriores, permiten a usuarios con pocos privilegios escribir el archivo de copia de seguridad del sistema con privilegios root por medio de la GUI, por lo que pueden causar una sobrescritura del archivo del sistema root."}], "id": "CVE-2019-16155", "lastModified": "2024-11-21T04:30:09.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-07T15:15:11.757", "references": [{"source": "psirt@fortinet.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}, {"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://danishcyberdefence.dk/blog/forticlient_linux"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-238"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}