PT-2020-5574 · Fortinet · Forticlient

Published 2020-05-25 · Updated 2021-04-20 · CVE-2020-9291

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FortiClient for Windows versions 6.2.1 and below

Description: The issue is related to the insecure use of temporary files in FortiClient for Windows. Exploitation of this issue may allow an attacker to gain elevated privileges, potentially through a symbolic link attack combined with exhausting the pool of temporary file names.

Recommendations: For FortiClient for Windows versions 6.2.1 and below, consider restricting access to temporary files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable function related to temporary file handling until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

BDU:2021-01187
CVE-2020-9291

Affected Products

Forticlient