CVE-2019-16155
First published: Fri Feb 07 2020(Updated: )
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Forticlient | <=6.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-16155?
CVE-2019-16155 is a privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below.
What is the severity of CVE-2019-16155?
CVE-2019-16155 has a severity rating of 7.1, which is considered high.
How does CVE-2019-16155 allow privilege escalation?
CVE-2019-16155 allows a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted 'BackupConfig' IPC client requests.
Which version of FortiClient for Linux is affected by CVE-2019-16155?
FortiClient for Linux version 6.2.1 and below is affected by CVE-2019-16155.
Is there a fix for CVE-2019-16155?
Yes, it is recommended to upgrade to a version of FortiClient for Linux that is above 6.2.1.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet forticlient
- version/fortinet forticlient/6.2.1