Sign-up

ID

VAR-201905-1053


CVE

CVE-2018-9193


TITLE

Windows for Fortinet FortiClient Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-015539

DESCRIPTION

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. Windows for Fortinet FortiClient Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiClient is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to gain the elevated privileges on the system. Failed exploit attempts may result in a denial of service condition. Fortinet FortiClient 6.0.4 and prior are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There are permissions and access control vulnerabilities in Fortinet FortiClient 6.0.4 and earlier versions based on the Windows platform. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.98

sources: NVD: CVE-2018-9193 // JVNDB: JVNDB-2018-015539 // BID: 108532 // VULHUB: VHN-139225

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:lteversion:6.0.4

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:6.0.4 (windows)

Trust: 0.8

vendor:fortinetmodel:forticlientscope:neversion:6.0.5

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:6.0.2

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:3.0.614

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:6.0.3

Trust: 0.3

vendor:fortinetmodel:forticlient mr7 patchscope:eqversion:3.06

Trust: 0.3

vendor:fortinetmodel:forticlient mr5 patchscope:eqversion:3.04

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.6.1

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4.1

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.28

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:6.0.4

Trust: 0.3

vendor:fortinetmodel:forticlient buildscope:eqversion:5.2.0591

Trust: 0.3

vendor:fortinetmodel:forticlient mr5 patchscope:eqversion:3.03

Trust: 0.3

vendor:fortinetmodel:forticlient mr6scope:eqversion:3.0

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:6.0.1

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.3.091

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.4.0650

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:2.0

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.0.10

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4.3

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4.4

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.3.633

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4.2

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.6

Trust: 0.3

sources: BID: 108532 // JVNDB: JVNDB-2018-015539 // NVD: CVE-2018-9193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9193
value: HIGH

Trust: 1.0

NVD: CVE-2018-9193
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-1107
value: HIGH

Trust: 0.6

VULHUB: VHN-139225
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-9193
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139225
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9193
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139225 // JVNDB: JVNDB-2018-015539 // CNNVD: CNNVD-201905-1107 // NVD: CVE-2018-9193

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-139225 // JVNDB: JVNDB-2018-015539 // NVD: CVE-2018-9193

THREAT TYPE

local

Trust: 0.9

sources: BID: 108532 // CNNVD: CNNVD-201905-1107

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-1107

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015539

PATCH
title:FG-IR-18-108url:https://fortiguard.com/advisory/FG-IR-18-108
Trust: 0.8
title:Fortinet FortiClient Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93045
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015539 // 
            
            
            
            CNNVD: CNNVD-201905-1107

EXTERNAL IDS
db:NVDid:CVE-2018-9193
Trust: 2.8
db:JVNDBid:JVNDB-2018-015539
Trust: 0.8
db:CNNVDid:CNNVD-201905-1107
Trust: 0.7
db:BIDid:108532
Trust: 0.3
db:VULHUBid:VHN-139225
Trust: 0.1
sources:
            
            
            VULHUB: VHN-139225 // 
            
            
            
            BID: 108532 // 
            
            
            
            JVNDB: JVNDB-2018-015539 // 
            
            
            
            CNNVD: CNNVD-201905-1107 // 
            
            
            
            NVD: CVE-2018-9193

REFERENCES
url:https://fortiguard.com/advisory/fg-ir-18-108
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-9193
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9193
Trust: 0.8
url:https://forticlient.com/
Trust: 0.3
url:https://fortiguard.com/psirt/fg-ir-18-108
Trust: 0.3
sources:
            
            
            VULHUB: VHN-139225 // 
            
            
            
            BID: 108532 // 
            
            
            
            JVNDB: JVNDB-2018-015539 // 
            
            
            
            CNNVD: CNNVD-201905-1107 // 
            
            
            
            NVD: CVE-2018-9193

CREDITS
Kevin Joensen from Secu A/S
Trust: 0.3
sources:
            
            
            BID: 108532

SOURCES
db:VULHUBid:VHN-139225
db:BIDid:108532
db:JVNDBid:JVNDB-2018-015539
db:CNNVDid:CNNVD-201905-1107
db:NVDid:CVE-2018-9193

LAST UPDATE DATE
2024-11-23T21:37:18.042000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-139225date:2020-08-24T00:00:00
db:BIDid:108532date:2018-12-22T00:00:00
db:JVNDBid:JVNDB-2018-015539date:2019-06-12T00:00:00
db:CNNVDid:CNNVD-201905-1107date:2020-08-25T00:00:00
db:NVDid:CVE-2018-9193date:2024-11-21T04:15:09.067

SOURCES RELEASE DATE
db:VULHUBid:VHN-139225date:2019-05-30T00:00:00
db:BIDid:108532date:2018-12-22T00:00:00
db:JVNDBid:JVNDB-2018-015539date:2019-06-12T00:00:00
db:CNNVDid:CNNVD-201905-1107date:2019-05-30T00:00:00
db:NVDid:CVE-2018-9193date:2019-05-30T17:29:00.340