CVE-2020-15934

Summary

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientLinux6.4.0affected
FortinetFortiClientLinux6.2.6 <= 6.2.7affected
FortinetFortiClientLinux6.2.0 <= 6.2.4affected
FortinetFortiClientLinux6.0.8affected
FortinetFortiClientLinux6.0.0 <= 6.0.6affected

Weaknesses

  • CWE-269: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References