CVE-2020-15934

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.fortiguard.com/psirt/FG-IR-20-110	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:forticlient::::::linux::*
	cpe:2.3:a:fortinet:forticlient:6.4.0:::::linux::

History

21 Jan 2025, 20:38

Type	Values Removed	Values Added
References	~~() https://www.fortiguard.com/psirt/FG-IR-20-110 -~~	() https://www.fortiguard.com/psirt/FG-IR-20-110 - Vendor Advisory
CPE		cpe:2.3:a:fortinet:forticlient::::::linux::* cpe:2.3:a:fortinet:forticlient:6.4.0:::::linux::
First Time		Fortinet Fortinet forticlient

19 Dec 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-19 11:15

Updated : 2025-01-21 20:38

NVD link : CVE-2020-15934

Mitre link : CVE-2020-15934

CVE.ORG link : CVE-2020-15934

JSON object : View

Products Affected

fortinet

forticlient

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2020-15934", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-12-19T11:15:06.930", "references": [{"url": "https://www.fortiguard.com/psirt/FG-IR-20-110", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n con privilegios innecesarios en el motor VCM de FortiClient para Linux versiones 6.2.7 y anteriores, versi\u00f3n 6.4.0, puede permitir que usuarios locales eleven sus privilegios a superusuario mediante la creaci\u00f3n de un script o programa malicioso en la m\u00e1quina de destino."}], "lastModified": "2025-01-21T20:38:47.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "49F1914E-5D71-4DF6-89D7-D55C5A2CD54E", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "4ED4EE61-7872-4B1F-B0E1-35016FD4E547"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}

8.8 /10