Detections
Analytics
Fortinet FortiClient Crafted VPN Connection Name Handling Local Format String
high Nessus Plugin ID 56049
Language:
Synopsis
The remote Windows host contains a security application that is affected by a local format string vulnerability.Description
FortiClient, a client-based software solution intended to provide security features for enterprise computers and mobile devices, is installed on the remote Windows host.The installed version does not properly handle format string specifiers within a VPN connection name. A local user may be able to leverage this issue to read and write arbitrary memory with SYSTEM privileges.
Solution
Upgrade to Fortinet FortiClient 3.0 MR7 Patch 6 (3.0.616) or later.See Also
https://www.securityfocus.com/archive/1/502354/30/0/threaded
Plugin Details
Severity: High
ID: 56049
File Name: forticlient_3_0_616.nasl
Version: 1.6
Type: local
Agent: windows
Family: Windows
Published: 9/8/2011
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:fortinet:forticlient
Required KB Items: installed_sw/FortiClient
Exploit Ease: No known exploits are available
Patch Publication Date: 3/13/2009
Vulnerability Publication Date: 4/1/2009
Reference Information
CVE: CVE-2009-1262
BID: 34343
CWE: 134