Vulnerability Description
Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Forticlient | 3.0.614 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html
- http://osvdb.org/53266
- http://secunia.com/advisories/34524Vendor Advisory
- http://www.layereddefense.com/FortiClient02Apr.html
- http://www.securityfocus.com/archive/1/502354/100/0/threaded
- http://www.securityfocus.com/archive/1/502602/100/0/threaded
- http://www.securityfocus.com/bid/34343
- http://www.securitytracker.com/id?1021966
- http://www.vupen.com/english/advisories/2009/0941Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49633
- http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html
- http://osvdb.org/53266
- http://secunia.com/advisories/34524Vendor Advisory
- http://www.layereddefense.com/FortiClient02Apr.html
- http://www.securityfocus.com/archive/1/502354/100/0/threaded
FAQ
What is CVE-2009-1262?
CVE-2009-1262 is a vulnerability with a CVSS score of 7.2 (HIGH). Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.
How severe is CVE-2009-1262?
CVE-2009-1262 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1262?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Forticlient.