Fortinet FortiClient Crafted VPN Connection Name Handling Local Format String

high Nessus Plugin ID 56049

Synopsis

The remote Windows host contains a security application that is affected by a local format string vulnerability.

Description

FortiClient, a client-based software solution intended to provide security features for enterprise computers and mobile devices, is installed on the remote Windows host.

The installed version does not properly handle format string specifiers within a VPN connection name. A local user may be able to leverage this issue to read and write arbitrary memory with SYSTEM privileges.
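The bug class described above (CWE-134), shown as an added example beside its hardened form. This is not FortiClient's code: the function names and the logging wrapper are hypothetical, and the connection name is a constructed sample chosen so that both calls have well-defined behavior.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper: forwards a printf-style format to vsnprintf.
 * Wrappers like this are where an attacker-influenced format tends to hide. */
static int log_format(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: the user-supplied connection name IS the format string,
 * so any conversion specifier inside it is interpreted by vsnprintf. */
int describe_connection_unsafe(char *out, size_t cap, const char *name)
{
    return log_format(out, cap, name);
}

/* Hardened pattern: the format is a constant and the name is passed as data. */
int describe_connection_safe(char *out, size_t cap, const char *name)
{
    return log_format(out, cap, "%s", name);
}

/* Audit helper: returns 1 if a stored connection name contains a '%' and
 * therefore deserves review on a host that has not been upgraded. */
int name_has_format_specifier(const char *name)
{
    return strchr(name, '%') != NULL;
}

int main(void)
{
    const char *name = "Office 100%%";   /* constructed sample name */
    char unsafe[64], safe[64];

    describe_connection_unsafe(unsafe, sizeof unsafe, name);
    describe_connection_safe(safe, sizeof safe, name);
    printf("unsafe: %s\nsafe:   %s\nflagged: %d\n",
           unsafe, safe, name_has_format_specifier(name));
    return 0;
}
```

The unsafe call collapses `%%` to a single `%`, which shows the name being parsed as a format rather than copied as text; the hardened call reproduces the name byte for byte.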

Solution

Upgrade to Fortinet FortiClient 3.0 MR7 Patch 6 (3.0.616) or later.

See Also

https://www.securityfocus.com/archive/1/502354/30/0/threaded

Plugin Details

Severity: High

ID: 56049

File Name: forticlient_3_0_616.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 9/8/2011

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:fortinet:forticlient

Required KB Items: installed_sw/FortiClient

Exploit Ease: No known exploits are available

Patch Publication Date: 3/13/2009

Vulnerability Publication Date: 4/1/2009

Reference Information

CVE: CVE-2009-1262

BID: 34343

CWE: 134