PT-2019-6273 · Fortinet · Forticlient
Published 2019-11-05 · Updated 2020-08-24 · CVE-2019-16155
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiClient for Linux versions 6.2.1 and below (IPC vector)
FortiClient for Linux versions 6.2.2 and below (GUI vector)
Description
The issue is a local privilege escalation in the backup configuration script of FortiClient for Linux. Because the IPC interface that triggers the backup lacks sufficient access control, a local low-privileged user can send specially crafted IPC requests to the root-privileged backup routine and have it write the system backup file, with attacker-chosen content, to an attacker-chosen location. The net effect is that system files can be overwritten with arbitrary content as root. The same root-privileged backup write is also reachable through the GUI, so a low-privilege user can cause the system backup file to be written as root without crafting IPC requests directly.
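To make the bug class concrete, the following added example (not FortiClient's code and not part of the original advisory) models a root-privileged backup handler in the weak form the description implies, next to a hardened form that adds the missing access control: verify the caller's identity, confine the destination to an allowlisted directory, and refuse to follow pre-planted symlinks. The request layout, the function names and the `BACKUP_ROOT` directory are assumptions; the demo runs entirely in a scratch directory.

```python
"""Bug class behind the advisory: a root-privileged backup service that trusts
the destination path and content supplied in an IPC request.  Added example,
not FortiClient code; request layout, names and BACKUP_ROOT are assumptions."""
import os
import socket
import struct
import tempfile
from dataclasses import dataclass

BACKUP_ROOT = "/var/lib/example-vpn/backups"  # hypothetical allowlisted directory


@dataclass
class BackupRequest:
    dest_path: str  # where the caller asks for the backup to be written
    payload: bytes  # "configuration" the caller asks to have saved


def vulnerable_handler(req: BackupRequest) -> str:
    """Weak pattern: runs as root and honours both fields of the request.
    Nothing checks who asked, where the file goes, or what it contains."""
    with open(req.dest_path, "wb") as f:
        f.write(req.payload)
    return req.dest_path


def peer_uid(conn: socket.socket) -> int:
    """Linux: uid of the process on the far end of a unix socket (SO_PEERCRED).
    A real service would pass this value as caller_uid to hardened_handler."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", raw)
    return uid


def hardened_handler(req: BackupRequest, caller_uid: int,
                     backup_root: str = BACKUP_ROOT) -> str:
    """Same operation with access control.  Returns the path actually written.
    1. Only uid 0 may request a system backup; PR:L callers get PermissionError.
    2. Only the basename of the requested path is used, under backup_root, and the
       result is re-checked after realpath() so '..' and symlinked names cannot escape.
    3. O_EXCL|O_NOFOLLOW: a pre-planted file or symlink cannot redirect the root write."""
    if caller_uid != 0:
        raise PermissionError(f"uid {caller_uid} may not write the system backup")
    root = os.path.realpath(backup_root)
    name = os.path.basename(req.dest_path)
    if name in ("", ".", ".."):
        raise PermissionError("invalid backup name")
    target = os.path.realpath(os.path.join(root, name))
    if os.path.dirname(target) != root:
        raise PermissionError("backup path escapes the backup root")
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(req.payload)
    return target


def demo() -> dict:
    """Exercise both handlers in a scratch directory (no real system paths touched)
    and report which protections held.  All inputs are constructed here."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "backups")
        os.mkdir(root)
        system_file = os.path.join(tmp, "system-file")  # stands in for a root-owned file
        with open(system_file, "wb") as f:
            f.write(b"original\n")
        evil = BackupRequest(dest_path=system_file, payload=b"attacker-controlled\n")

        # Weak handler: the crafted request overwrites the "system file" as root.
        vulnerable_handler(evil)
        out["weak_overwrote_system_file"] = open(system_file, "rb").read() == evil.payload

        # Hardened handler: the same request from an unprivileged uid is refused outright.
        try:
            hardened_handler(evil, caller_uid=1000, backup_root=root)
            out["hardened_refused_low_priv"] = False
        except PermissionError:
            out["hardened_refused_low_priv"] = True

        # Even a root-originated request is confined to the backup directory.
        written = hardened_handler(evil, caller_uid=0, backup_root=root)
        out["hardened_confined_path"] = os.path.dirname(written) == os.path.realpath(root)

        # A symlink planted in the backup directory cannot redirect the write.
        os.symlink(system_file, os.path.join(root, "link"))
        before = open(system_file, "rb").read()
        try:
            hardened_handler(BackupRequest("link", b"via-symlink\n"), 0, root)
            out["hardened_blocked_symlink"] = False
        except (PermissionError, FileExistsError):
            out["hardened_blocked_symlink"] = True
        out["symlink_target_untouched"] = open(system_file, "rb").read() == before
    return out


if __name__ == "__main__":
    for check, held in demo().items():
        print(f"{check}: {held}")
```

The weak handler fails for three independent reasons (no caller check, caller-controlled path, follows whatever is already at that path), which is why the hardened version layers three controls rather than relying on any one of them; in the real service the caller uid would come from `peer_uid()` on the accepted connection, not from the request body.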
Recommendations
For the IPC vector (FortiClient for Linux 6.2.1 and below), upgrade to a release later than 6.2.1.
For the GUI vector (FortiClient for Linux 6.2.2 and below), until a fixed release is available, restrict access to the GUI backup-configuration feature so that low-privilege users cannot trigger the root-privileged write of the system backup file.
Weakness type: Improper Privilege Management (CWE-269)
Affected products: FortiClient