Описание
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.0.6 (исключая)
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 69%
0.00615
Низкий
7.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-426
Связанные уязвимости
github
больше 3 лет назад
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
EPSS
Процентиль: 69%
0.00615
Низкий
7.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-426