CVE-2019-15711

Name of the Vulnerable Software and Affected Versions FortiClient for Linux versions 6.2.1 and below

Description The issue is related to the Export logs function in FortiClient for Linux, which is associated with incorrect restriction of the directory path name with limited access. Exploitation of this issue may allow an attacker to elevate privileges by sending specially crafted IPC requests. This can enable a user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.

Recommendations For FortiClient for Linux versions 6.2.1 and below, consider restricting access to the fctsched process to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the "ExportLogs" type IPC client requests to the fctsched process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.