CVE-2019-5589

Published: May 28, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.

Affected (1)

Products: Fortinet: Forticlient

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	Before 6.0.6

Related CWEs

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (2)

https://fortiguard.com/advisory/FG-IR-19-060

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-19-060

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.