Details of VAR-202003-0841

ID

VAR-202003-0841

CVE

CVE-2019-17658

TITLE

FortiClientWindows Vulnerability in unquoted search paths or elements in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014973

DESCRIPTION

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path. FortiClientWindows Contains vulnerabilities in unquoted search paths or elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. A code issue vulnerability exists in Fortinet FortiClient FortiTray (Windows) 6.2.2 and earlier versions

Trust: 1.71

sources: NVD: CVE-2019-17658 // JVNDB: JVNDB-2019-014973 // VULHUB: VHN-149926

AFFECTED PRODUCTS

vendor:	fortinet	model:	forticlient	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.2.2	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.0.9	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	eq	version:	6.2.2	Trust: 0.8

sources: JVNDB: JVNDB-2019-014973 // NVD: CVE-2019-17658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-17658
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2019-014973
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202003-779
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-149926
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-17658
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014973
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-149926
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-17658
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014973
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-149926 // JVNDB: JVNDB-2019-014973 // CNNVD: CNNVD-202003-779 // NVD: CVE-2019-17658

PROBLEMTYPE DATA

problemtype:

CWE-428

Trust: 1.9

sources: VULHUB: VHN-149926 // JVNDB: JVNDB-2019-014973 // NVD: CVE-2019-17658

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-779

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-779

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014973

PATCH

title:	FG-IR-19-281	url:	https://fortiguard.com/psirt/FG-IR-19-281	Trust: 0.8
title:	Fortinet FortiClient FortiTray Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111914	Trust: 0.6

sources: JVNDB: JVNDB-2019-014973 // CNNVD: CNNVD-202003-779

EXTERNAL IDS

db:	NVD	id:	CVE-2019-17658	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-014973	Trust: 0.8
db:	CNNVD	id:	CNNVD-202003-779	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0905	Trust: 0.6
db:	CNVD	id:	CNVD-2020-19915	Trust: 0.1
db:	VULHUB	id:	VHN-149926	Trust: 0.1

sources: VULHUB: VHN-149926 // JVNDB: JVNDB-2019-014973 // CNNVD: CNNVD-202003-779 // NVD: CVE-2019-17658

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-19-281	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17658	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17658	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0905/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortinet-forticlient-privilege-escalation-via-forticlientconsole-31782	Trust: 0.6

sources: VULHUB: VHN-149926 // JVNDB: JVNDB-2019-014973 // CNNVD: CNNVD-202003-779 // NVD: CVE-2019-17658

SOURCES

db:	VULHUB	id:	VHN-149926
db:	JVNDB	id:	JVNDB-2019-014973
db:	CNNVD	id:	CNNVD-202003-779
db:	NVD	id:	CVE-2019-17658

LAST UPDATE DATE

2024-11-23T23:11:32.745000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149926	date:	2020-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-014973	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-779	date:	2020-03-20T00:00:00
db:	NVD	id:	CVE-2019-17658	date:	2024-11-21T04:32:43.190

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149926	date:	2020-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-014973	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-779	date:	2020-03-12T00:00:00
db:	NVD	id:	CVE-2019-17658	date:	2020-03-12T22:15:14.907