CVE-2020-9287

CVE Database · CVE-2020-9287

CVE-2020-9287

· HIGHModified

CVSS v3.1

7.8

EPSS

0.60%

Published

Mar 15, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-427

Affected Products (1)

fortinet · forticlient_emergency_management_servervulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-19-060

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-19-060

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs