Main Vulnerability Database Vulnerabilities #VU47346

Insecure DLL loading in Fortinet FortiClient for Windows - CVE-2020-9290

Published: March 15, 2020 / Updated: October 6, 2020

Vulnerability identifier: #VU47346

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-9290

CWE-ID: CWE-427

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
Fortinet FortiClient for Windows

Detailed vulnerability description

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides can execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.

How to mitigate CVE-2020-9290

Install updates from vendor's website.

Sources

https://fortiguard.com/psirt/FG-IR-19-060

Insecure DLL loading in Fortinet FortiClient for Windows - CVE-2020-9290

Detailed vulnerability description

How to mitigate CVE-2020-9290

Sources

Please verify you're human