CVE-2019-5589
First published: Tue May 28 2019(Updated: )
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiClient Windows | <6.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this FortiClient vulnerability?
The vulnerability ID of this FortiClient vulnerability is CVE-2019-5589.
What is the affected software version of this vulnerability?
The affected software version of this vulnerability is FortiClient Windows version before 6.0.6.
What is the severity level of vulnerability CVE-2019-5589?
The severity level of vulnerability CVE-2019-5589 is critical with a severity value of 7.8.
How does this vulnerability impact the system?
This vulnerability may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following link: https://fortiguard.com/advisory/FG-IR-19-060.
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet forticlient windows