FortiClient VCM Engine Privilege Escalation Vulnerability
CVE-2020-15934 Published on December 19, 2024

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Products Associated with CVE-2020-15934

Want to know whenever a new CVE is published for Fortinet FortiClient? stack.watch will email you.

Fortinet FortiClient

Affected Versions

Fortinet FortiClientLinux:

Version 6.4.0 is affected.
Version 6.2.6, <= 6.2.7 is affected.
Version 6.2.0, <= 6.2.4 is affected.
Version 6.0.8 is affected.
Version 6.0.0, <= 6.0.6 is affected.

Exploit Probability

EPSS

0.09%

Percentile

24.63%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

FortiClient VCM Engine Privilege Escalation VulnerabilityCVE-2020-15934 Published on December 19, 2024

Vulnerability Analysis

Weakness Type

Improper Privilege Management

Products Associated with CVE-2020-15934

Affected Versions

Exploit Probability

FortiClient VCM Engine Privilege Escalation Vulnerability
CVE-2020-15934 Published on December 19, 2024