Privilege escalation and DoS in FortiClient for Linux through local IPC socket
A privilege escalation vulnerability in FortiClient for Linux may allow a user with low privilege to run root system commands, overwrite system files or cause FortiClient processes to crash via injecting specially crafted client requests in the IPC socket of the FortiClient process.
The following four CVE identifiers were assigned to these vulnerabilities based on different attack vectors:
CVE-2019-15711 - System command injection through IPC socket by export logs
CVE-2019-16152 - DoS through IPC socket by malformat nanomsg
CVE-2019-16155 - Privilege escalation through IPC socket by backup file
CVE-2019-17652 - DoS through IPC socket by argv through nanomsg
Privilege Escalation, System Command Injection, Denial of Service
FortiClient for Linux 6.2.1 and below
Upgrade to FortiClient for Linux 6.2.2
Fortinet is not aware of any public code attempting to exploit these vulnerabilities.
Fortinet is pleased to thank “Cees Elzinga from Langkjaer Cyber Defence” for reporting this vulnerability under responsible disclosure.