CVE-2020-9291

Published: Jun 1, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

Affected (2)

Products: Fortinet: Forticlient

Fortinet

1 product

Forticlient

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	Up to 6.0.9
Fortinet Forticlient	From 6.2.0 to 6.2.1

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (3)

https://fortiguard.com/psirt/FG-IR-20-040

Source: psirt@fortinet.com

Broken Link

https://www.fortiguard.com/psirt/FG-IR-20-040

Source: nvd@nist.gov

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-20-040

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.