CVE-2019-5589

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.

Published: May 29, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5589
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-426

Affected Software
References

Software	From	Fixed in
fortinet / forticlient	-	6.0.6

https://fortiguard.com/advisory/FG-IR-19-060

Vulnerability Database

289,599

CVE-2019-5589