ID

VAR-202003-1480


CVE

CVE-2020-9287


TITLE

Uncontrolled search path element vulnerability in FortiClient EMS

Trust: 0.8

sources: JVNDB: JVNDB-2020-002863

DESCRIPTION

An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system by uploading malicious Filter Library DLL files to that directory.

FortiClient EMS contains a vulnerability involving an uncontrolled search path element. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. The FortiClientEMSOnlineInstaller.exe file in Fortinet FortiClient EMS 6.2.1 and earlier versions has a code issue vulnerability. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products.

Trust: 1.8

sources: NVD: CVE-2020-9287 // JVNDB: JVNDB-2020-002863 // VULHUB: VHN-187412 // VULMON: CVE-2020-9287

AFFECTED PRODUCTS

vendor: fortinet, model: forticlient emergency management server, scope: lte, version: 6.2.1

Trust: 1.0

vendor: fortinet, model: forticlient ems, scope: eq, version: 6.2.1

Trust: 0.8

sources: JVNDB: JVNDB-2020-002863 // NVD: CVE-2020-9287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9287
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002863
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-651
value: MEDIUM

Trust: 0.6

VULHUB: VHN-187412
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9287
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9287
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-002863
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187412
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9287
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002863
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187412 // VULMON: CVE-2020-9287 // JVNDB: JVNDB-2020-002863 // CNNVD: CNNVD-202003-651 // NVD: CVE-2020-9287

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-187412 // JVNDB: JVNDB-2020-002863 // NVD: CVE-2020-9287

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-651

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-651

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002863

PATCH

title: FG-IR-19-060, url: https://fortiguard.com/psirt/FG-IR-19-060

Trust: 0.8

title: Fortinet FortiClient Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112505

Trust: 0.6

sources: JVNDB: JVNDB-2020-002863 // CNNVD: CNNVD-202003-651

EXTERNAL IDS

db: NVD, id: CVE-2020-9287

Trust: 2.6

db: JVNDB, id: JVNDB-2020-002863

Trust: 0.8

db: CNNVD, id: CNNVD-202003-651

Trust: 0.7

db: AUSCERT, id: ESB-2019.1785.2

Trust: 0.6

db: VULHUB, id: VHN-187412

Trust: 0.1

db: VULMON, id: CVE-2020-9287

Trust: 0.1

sources: VULHUB: VHN-187412 // VULMON: CVE-2020-9287 // JVNDB: JVNDB-2020-002863 // CNNVD: CNNVD-202003-651 // NVD: CVE-2020-9287

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-19-060

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9287

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9287

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.1785.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-187412 // VULMON: CVE-2020-9287 // JVNDB: JVNDB-2020-002863 // CNNVD: CNNVD-202003-651 // NVD: CVE-2020-9287

CREDITS

Houjingyi (houjingyi647@gmail.com)

Trust: 0.6

sources: CNNVD: CNNVD-202003-651

SOURCES

db: VULHUB, id: VHN-187412
db: VULMON, id: CVE-2020-9287
db: JVNDB, id: JVNDB-2020-002863
db: CNNVD, id: CNNVD-202003-651
db: NVD, id: CVE-2020-9287

LAST UPDATE DATE

2024-11-23T22:21:42.101000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-187412, date: 2020-03-17T00:00:00
db: VULMON, id: CVE-2020-9287, date: 2020-03-17T00:00:00
db: JVNDB, id: JVNDB-2020-002863, date: 2020-03-27T00:00:00
db: CNNVD, id: CNNVD-202003-651, date: 2020-03-27T00:00:00
db: NVD, id: CVE-2020-9287, date: 2024-11-21T05:40:21.673

SOURCES RELEASE DATE

db: VULHUB, id: VHN-187412, date: 2020-03-15T00:00:00
db: VULMON, id: CVE-2020-9287, date: 2020-03-15T00:00:00
db: JVNDB, id: JVNDB-2020-002863, date: 2020-03-27T00:00:00
db: CNNVD, id: CNNVD-202003-651, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2020-9287, date: 2020-03-15T22:15:15.020