CVE-2019-16155

Published: Feb 7, 2020

Modified: Oct 25, 2024

PUBLISHED

Description

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite.

Vendor	Product	Versions
Fortinet	Fortinet FortiClientLinux	affected `FortiClientLinux 6.2.1 and below`

References

https://fortiguard.com/psirt/FG-IR-19-238

x_refsource_CONFIRM

https://danishcyberdefence.dk/blog/forticlient_linux

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-16155

Description

Affected Products

References