An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HFortinet Forticlient
APPFortinet7.0.37.0.47.2.07.0.6 β 7.0.11 (bez)
Related vulnerabilities
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and...
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, Forti...
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fort...
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClien...
A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 throug...