CVE-2020-15941

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-20-074 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:forticlient_endpoint_management_server:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticlient_endpoint_management_server:*:*:*:*:*:*:*:*

History

14 Oct 2021, 14:57

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:forticlient_endpoint_management_server:*:*:*:*:*:*:*:*
CWE CWE-22
CVSS v2 : unknown
v3 : unknown
v2 : 5.5
v3 : 5.4
References (CONFIRM) https://fortiguard.com/advisory/FG-IR-20-074 - (CONFIRM) https://fortiguard.com/advisory/FG-IR-20-074 - Vendor Advisory

06 Oct 2021, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-06 10:15

Updated : 2024-02-04 22:08


NVD link : CVE-2020-15941

Mitre link : CVE-2020-15941

CVE.ORG link : CVE-2020-15941


JSON object : View

Products Affected

fortinet

  • forticlient_endpoint_management_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')