What is the severity of CVE-2020-9290?

The severity of CVE-2020-9290 is high, with a CVSS score of 7.8.

How does CVE-2020-9290 affect FortiClient for Windows?

CVE-2020-9290 affects FortiClient for Windows online installer version 6.2.3 and below.

How does CVE-2020-9290 affect FortiClient Virtual Private Network (VPN)?

CVE-2020-9290 affects FortiClient Virtual Private Network (VPN) online installer version 6.2.3 and below.

Is there a fix available for CVE-2020-9290?

Updating to a version of FortiClient for Windows online installer and FortiClient Virtual Private Network (VPN) online installer that is above version 6.2.3 can fix this vulnerability.

Vulnerability/
CVE-2020-9290

high

7.8

CWE

427

15/3/2020

25/10/2024

CVE-2020-9290

Q: How can a local attacker exploit CVE-2020-9290?

A local attacker with control over the directory where FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside can upload malicious code to execute arbitrary code on the system.

First published: Sun Mar 15 2020(Updated: )

An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiClient Windows	<=6.2.3
Fortinet Forticlient Virtual Private Network	<=6.2.3

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/psirt/FG-IR-19-060

Frequently Asked Questions

What is the severity of CVE-2020-9290?
The severity of CVE-2020-9290 is high, with a CVSS score of 7.8.
How does CVE-2020-9290 affect FortiClient for Windows?
CVE-2020-9290 affects FortiClient for Windows online installer version 6.2.3 and below.
How does CVE-2020-9290 affect FortiClient Virtual Private Network (VPN)?
CVE-2020-9290 affects FortiClient Virtual Private Network (VPN) online installer version 6.2.3 and below.
How can a local attacker exploit CVE-2020-9290?
A local attacker with control over the directory where FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside can upload malicious code to execute arbitrary code on the system.
Is there a fix available for CVE-2020-9290?
Updating to a version of FortiClient for Windows online installer and FortiClient Virtual Private Network (VPN) online installer that is above version 6.2.3 can fix this vulnerability.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/references
agent/author
agent/severity
agent/description
agent/softwarecombine
agent/tags
agent/first-publish-date
agent/event
vendor/fortinet
canonical/fortinet forticlient windows
version/fortinet forticlient windows/6.2.3
canonical/fortinet forticlient virtual private network
version/fortinet forticlient virtual private network/6.2.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.