Fortinet FortiClient Crafted VPN Connection Name Handling Local Format String

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a security application that is
affected by a local format string vulnerability.

Description :

FortiClient, a client-based software solution intended to provide
security features for enterprise computers and mobile devices, is
installed on the remote Windows host.

The installed version does not properly handle format string
specifiers within a VPN connection name. A local user may be able to
leverage this issue to read and write arbitrary memory with SYSTEM
privileges.

See also :

http://www.securityfocus.com/archive/1/502354/30/0/threaded

Solution :

Upgrade to Fortinet FortiClient 3.0 MR7 Patch 6 (3.0.616) or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 56049

Bugtraq ID: 34343

CVE ID: CVE-2009-1262
