CVE-2020-15934

Name of the Vulnerable Software and Affected Versions FortiClient for Linux versions 6.2.7 and below, version 6.4.0

Description The issue is related to insecure privilege management in the VCM engine of FortiClient for Linux. Exploitation of this issue may allow a remote attacker to elevate their privileges to the root level. Local users can elevate their privileges to root by creating a malicious script or program on the target machine.

Recommendations For FortiClient for Linux versions 6.2.7 and below, consider disabling the VCM engine until a patch is available. For version 6.4.0, restrict access to the VCM engine to minimize the risk of exploitation. As a temporary workaround, consider disabling any unnecessary scripts or programs that may be used to exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.