FortiClient - installer DLL Hijacking Vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
Advisory ID: FG-IR-19-060
Status: Final
Version: 1
Current version date: 2020-03-09
Multiple unsafe search path vulnerabilities in the FortiClient online installers may allow an attacker with control over the directory in which an installer resides to execute arbitrary code on the system by placing malicious .dll files in that directory, which the installer then loads in place of the intended libraries.
Impact: Unauthorized code execution
Affected products:
FortiClientOnlineInstaller.exe for FortiClient for Windows 6.0.5 and below, 5.6 all versions (CVE-2019-5589)
FortiClientOnlineInstaller.exe for FortiClient for Windows 6.4.6 and below, and 7.0.0 (CVE-2020-9290)
FortiClientVPNOnlineInstaller.exe for FortiClient VPN for Windows 6.4.6 and below, and 7.0.0 (CVE-2020-9290)
FortiClientEMSOnlineInstaller.exe for FortiClient EMS 6.0 all versions, 6.2.8 and below, 6.4.6 and below and 7.0.0 (CVE-2020-9287)
Solutions:
CVE-2019-5589: Use FortiClient for Windows online installer 6.0.6 or above
CVE-2020-9290: Use FortiClient for Windows online installer 6.4.7 or above, 7.0.1 or above, and FortiClient VPN for Windows online installer 6.4.7 or above, 7.0.1 or above
CVE-2020-9287: Use FortiClient EMS online installer 6.2.9 or above, 6.4.7 or above, 7.0.1 or above
Revision History:
05-16-2019 Initial version
3-09-2020 add CVE-2020-9290 and CVE-2020-9287
13-9-2021 modified CVE-2020-9290
8-11-2021 add CVE-2020-9290 and CVE-2020-9287
Fortinet is pleased to thank independent security researcher Honc (honcbb@gmail.com) for reporting CVE-2019-5589 and CVE-2020-9290, Houjingyi (houjingyi647@gmail.com) for reporting CVE-2020-9290 and CVE-2020-9287, security researcher Eran Shimony from CyberArk Labs for reporting CVE-2020-9290, and independent researcher Ameen Basha for reporting CVE-2020-9290 under responsible disclosure.
FortiClientEMS 7.0.0
FortiClientEMS 6.4.4
FortiClientEMS 6.4.3
FortiClientEMS 6.4.2
FortiClientEMS 6.4.1
FortiClientEMS 6.4.0
FortiClientEMS 6.2.8
FortiClientEMS 6.2.7
FortiClientEMS 6.2.6
FortiClientEMS 6.2.4
FortiClientEMS 6.2.3
FortiClientEMS 6.2.2
FortiClientEMS 6.2.1
FortiClientEMS 6.2.0
FortiClientEMS 6.0.8
FortiClientEMS 6.0.6
FortiClientEMS 6.0.5
FortiClientEMS 6.0.4
FortiClientEMS 6.0.3
FortiClientEMS 6.0.2
FortiClientEMS 6.0.1
FortiClientEMS 6.0.0
FortiClientWindows 7.0.0
FortiClientWindows 6.4.6
FortiClientWindows 6.2.9
FortiClientWindows 6.2.8
FortiClientWindows 6.2.3
FortiClientWindows 6.0.5
FortiClientWindows 6.0.4
FortiClientWindows 6.0.3
FortiClientWindows 6.0.2
FortiClientWindows 6.0.1
FortiClientWindows 6.0.0
FortiClientWindows 5.6.6
FortiClientWindows 5.6.5
FortiClientWindows 5.6.4
FortiClientWindows 5.6.3
FortiClientWindows 5.6.2
FortiClientWindows 5.6.1
FortiClientWindows 5.6.0
FortiClientWindows 5.4.5
FortiClientWindows 5.4.4
FortiClientWindows 5.4.3
FortiClientWindows 5.4.2
FortiClientWindows 5.4.1
FortiClientWindows 5.4.0
FortiClientWindows 5.2.6
FortiClientWindows 5.2.5
FortiClientWindows 5.2.4
FortiClientWindows 5.2.3
FortiClientWindows 5.2.2
FortiClientWindows 5.2.1
FortiClientWindows 5.2.0
FortiClientWindows 5.0.11
FortiClientWindows 5.0.10
FortiClientWindows 5.0.9
FortiClientWindows 5.0.8
FortiClientWindows 5.0.7
FortiClientWindows 5.0.6
FortiClientWindows 5.0.5
FortiClientWindows 5.0.4
FortiClientWindows 5.0.3
FortiClientWindows 5.0.2
FortiClientWindows 5.0.1
FortiClientWindows 5.0.0
FortiClientWindows 4.3.5
FortiClientWindows 4.3.4
FortiClientWindows 4.3.3
FortiClientWindows 4.3.2
FortiClientWindows 4.3.1
FortiClientWindows 4.3.0
FortiClientWindows 4.2.7
FortiClientWindows 4.2.6
FortiClientWindows 4.2.5
FortiClientWindows 4.2.4
FortiClientWindows 4.2.3
FortiClientWindows 4.2.2
FortiClientWindows 4.2.1
FortiClientWindows 4.2.0
FortiClientWindows 4.1.3
FortiClientWindows 4.1.2
FortiClientWindows 4.1.1
FortiClientWindows 4.1.0
FortiClientWindows 4.0.4
FortiClientWindows 4.0.3
FortiClientWindows 4.0.2
FortiClientWindows 4.0.1
CVE-2019-5589
CVE-2020-9287
CVE-2020-9290
CVSS score: 8.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-060