Description
A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below and 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add or delete files on the server via the name parameter of Deployment Packages.
Related CPEs
a
fortinet
forticlient_endpoint_management_server
2
References
https://fortiguard.com/advisory/FG-IR-20-074
Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.4 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2021-10-06T08:15:07.623Z
4 years ago
Last modified
2024-11-21T04:06:30.020Z
1 year ago