PSIRT Advisory

Privilege escalation and DoS in FortiClient for Linux through local IPC socket

Summary

A privilege escalation vulnerability in FortiClient for Linux may allow a user with low privilege to run root system commands, overwrite system files or cause FortiClient processes to crash via injecting specially crafted client requests in the IPC socket of the FortiClient process.


The following four CVE identifiers were assigned to these vulnerabilities based on different attack vectors:


CVE-2019-15711 - System command injection through IPC socket by export logs

CVE-2019-16152 - DoS through IPC socket by malformat nanomsg

CVE-2019-16155 - Privilege escalation through IPC socket by backup file

CVE-2019-17652 - DoS through IPC socket by argv through nanomsg

Impact

Privilege Escalation, System Command Injection, Denial of Service

Affected Products

FortiClient for Linux 6.2.1 and below

Solutions

Upgrade to FortiClient for Linux 6.2.2


Fortinet is not aware of any public code attempting to exploit these vulnerabilities.

Acknowledgement

Fortinet is pleased to thank “Cees Elzinga from Langkjaer Cyber Defence” for reporting this vulnerability under responsible disclosure.