CVE-2020-9290 - OpenCVE

An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fortinet	Forticlient Forticlient Virtual Private Network

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:forticlient::::::windows::*
	cpe:2.3:a:fortinet:forticlient_virtual_private_network::::::windows::*

No data.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-19-060

History

Fri, 25 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2020-03-15T21:52:05

Updated: 2024-10-25T14:26:32.997Z

Reserved: 2020-02-19T00:00:00

Link: CVE-2020-9290

Vulnrichment

Updated: 2024-08-04T10:26:15.985Z

NVD

Status : Analyzed

Published: 2020-03-15T22:15:15.097

Modified: 2020-03-17T19:47:24.937

Link: CVE-2020-9290

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fortinet FortiClient for Windows", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "6.2.3 and below"}]}], "descriptions": [{"lang": "en", "value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."}], "problemTypes": [{"descriptions": [{"description": "Execute unauthorized code or commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-15T21:52:05", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/psirt/FG-IR-19-060"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2020-9290", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiClient for Windows", "version": {"version_data": [{"version_value": "6.2.3 and below"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/psirt/FG-IR-19-060", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-19-060"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:15.985Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/psirt/FG-IR-19-060"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T20:03:42.827614Z", "id": "CVE-2020-9290", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:26:32.997Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2020-9290", "datePublished": "2020-03-15T21:52:05", "dateReserved": "2020-02-19T00:00:00", "dateUpdated": "2024-10-25T14:26:32.997Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-060", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:15.985Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-9290", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-24T20:03:42.827614Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:17:18.267Z"}}], "cna": {"affected": [{"vendor": "Fortinet", "product": "Fortinet FortiClient for Windows", "versions": [{"status": "affected", "version": "6.2.3 and below"}]}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-060", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2020-03-15T21:52:05"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "6.2.3 and below"}]}, "product_name": "Fortinet FortiClient for Windows"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-19-060", "name": "https://fortiguard.com/psirt/FG-IR-19-060", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-9290", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2020-9290", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:26:32.997Z", "dateReserved": "2020-02-19T00:00:00", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2020-03-15T21:52:05", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", "matchCriteriaId": "0DA6BEE8-D1DC-45F4-B281-0C71048321F5", "versionEndIncluding": "6.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:forticlient_virtual_private_network:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CA3BC9BE-71B4-4ABE-A709-662784EE2100", "versionEndIncluding": "6.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory."}, {"lang": "es", "value": "Una vulnerabilidad de Ruta de B\u00fasqueda No Segura en FortiClient for Windows online installer versiones 6.2.3 y por debajo, puede permitir que un atacante local, con control sobre el directorio en el cual reside los archivos FortiClientOnlineInstaller.exe y FortiClientVPNOnlineInstaller.exe, ejecute c\u00f3digo arbitrario en el sistema por medio una carga de archivos maliciosos de la Filter Library DLL en ese directorio."}], "id": "CVE-2020-9290", "lastModified": "2020-03-17T19:47:24.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-15T22:15:15.097", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-060"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}