ID

VAR-202002-0389


CVE

CVE-2019-16152


TITLE

Input validation vulnerability in FortiClient for Linux

Trust: 0.8

sources: JVNDB: JVNDB-2019-014572

DESCRIPTION

A denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to crash FortiClient processes running under root privilege by sending specially crafted IPC client requests to the fctsched process, due to the nanomsg not being correctly validated. FortiClient for Linux contains an input validation vulnerability. It may be put into a service operation interruption (DoS) state. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. A security vulnerability exists in Fortinet FortiClient 6.2.1 and earlier versions on the Linux platform. Attackers can use this vulnerability to cause denial of service through IPC sockets.

Trust: 1.71

sources: NVD: CVE-2019-16152 // JVNDB: JVNDB-2019-014572 // VULHUB: VHN-148270

AFFECTED PRODUCTS

vendor: fortinet, model: forticlient, scope: eq, version: 6.2.1

Trust: 1.4

vendor: fortinet, model: forticlient, scope: lte, version: 6.2.1

Trust: 1.0

vendor: fortinet, model: forticlient, scope: eq, version: 6.0.3

Trust: 0.6

vendor: fortinet, model: forticlient, scope: eq, version: 6.0.6

Trust: 0.6

vendor: fortinet, model: forticlient, scope: eq, version: 6.0.0

Trust: 0.6

vendor: fortinet, model: forticlient, scope: eq, version: 6.2.0

Trust: 0.6

vendor: fortinet, model: forticlient, scope: eq, version: 6.0.1

Trust: 0.6

vendor: fortinet, model: forticlient, scope: eq, version: 6.0.2

Trust: 0.6

vendor: fortinet, model: forticlient, scope: eq, version: 6.0.5

Trust: 0.6

vendor: fortinet, model: forticlient, scope: eq, version: 6.0.4

Trust: 0.6

vendor: fortinet, model: forticlient, scope: eq, version: 6.0.8

Trust: 0.6

sources: JVNDB: JVNDB-2019-014572 // CNNVD: CNNVD-201911-1061 // NVD: CVE-2019-16152

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16152
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014572
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-1061
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148270
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-16152
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014572
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-148270
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-16152
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014572
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148270 // JVNDB: JVNDB-2019-014572 // CNNVD: CNNVD-201911-1061 // NVD: CVE-2019-16152

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-148270 // JVNDB: JVNDB-2019-014572 // NVD: CVE-2019-16152

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1061

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1061

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014572

PATCH

title: FG-IR-19-238, url: https://fortiguard.com/psirt/FG-IR-19-238

Trust: 0.8

title: Fortinet FortiClient input validation error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108203

Trust: 0.6

sources: JVNDB: JVNDB-2019-014572 // CNNVD: CNNVD-201911-1061

EXTERNAL IDS

db: NVD, id: CVE-2019-16152

Trust: 2.5

db: JVNDB, id: JVNDB-2019-014572

Trust: 0.8

db: CNNVD, id: CNNVD-201911-1061

Trust: 0.7

db: AUSCERT, id: ESB-2019.4350.2

Trust: 0.6

db: AUSCERT, id: ESB-2019.4350

Trust: 0.6

db: VULHUB, id: VHN-148270

Trust: 0.1

sources: VULHUB: VHN-148270 // JVNDB: JVNDB-2019-014572 // CNNVD: CNNVD-201911-1061 // NVD: CVE-2019-16152

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-19-238

Trust: 2.3

url:https://danishcyberdefence.dk/blog/forticlient_linux

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-16152

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16152

Trust: 0.8

url:https://vigilance.fr/vulnerability/forticlient-for-linux-four-vulnerabilities-via-ipc-socket-30897

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4350/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4350.2/

Trust: 0.6

sources: VULHUB: VHN-148270 // JVNDB: JVNDB-2019-014572 // CNNVD: CNNVD-201911-1061 // NVD: CVE-2019-16152

SOURCES

db: VULHUB, id: VHN-148270
db: JVNDB, id: JVNDB-2019-014572
db: CNNVD, id: CNNVD-201911-1061
db: NVD, id: CVE-2019-16152

LAST UPDATE DATE

2024-11-23T21:51:40.644000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148270, date: 2020-02-12T00:00:00
db: JVNDB, id: JVNDB-2019-014572, date: 2020-02-28T00:00:00
db: CNNVD, id: CNNVD-201911-1061, date: 2020-02-13T00:00:00
db: NVD, id: CVE-2019-16152, date: 2024-11-21T04:30:09.340

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148270, date: 2020-02-06T00:00:00
db: JVNDB, id: JVNDB-2019-014572, date: 2020-02-28T00:00:00
db: CNNVD, id: CNNVD-201911-1061, date: 2019-11-18T00:00:00
db: NVD, id: CVE-2019-16152, date: 2020-02-06T16:15:12.277