#VU47346 Insecure DLL loading in Fortinet FortiClient for Windows - CVE-2020-9290
Published: March 15, 2020 / Updated: October 6, 2020
Vulnerability identifier: #VU47346
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-9290
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Fortinet FortiClient for Windows
Fortinet FortiClient for Windows
Software vendor:
Fortinet, Inc
Fortinet, Inc
Description
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides can execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
Remediation
Install updates from vendor's website.