CVE-2019-5589

Summary

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiClient for WindowsFortiClient for Windows version below 6.0.6affected

Weaknesses

  • Unauthorized code execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References