CVE-2020-15934 - Vulnerability Details - OpenCVE

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fortinet	Forticlient

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:forticlient::::::linux::*
	cpe:2.3:a:fortinet:forticlient:6.4.0:::::linux::

No data.

References

Link	Providers
https://www.fortiguard.com/psirt/FG-IR-20-110

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00025}`	epss `{'score': 0.00028}`

Tue, 21 Jan 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fortinet Fortinet forticlient
CPEs		cpe:2.3:a:fortinet:forticlient::::::linux::* cpe:2.3:a:fortinet:forticlient:6.4.0:::::linux::
Vendors & Products		Fortinet Fortinet forticlient

Fri, 20 Dec 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 19 Dec 2024 11:15:00 +0000

Type	Values Removed	Values Added
Description		An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.
Weaknesses		CWE-269
References		https://www.fortiguard.com/psirt/FG-IR-20-110
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-12-19T10:57:39.255Z

Updated: 2024-12-20T17:23:40.395Z

Reserved: 2020-07-24T00:00:00.000Z

Link: CVE-2020-15934

Vulnrichment

Updated: 2024-12-20T17:23:30.377Z

NVD

Status : Analyzed

Published: 2024-12-19T11:15:06.930

Modified: 2025-01-21T20:38:47.137

Link: CVE-2020-15934

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-15934", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2020-07-24T00:00:00.000Z", "datePublished": "2024-12-19T10:57:39.255Z", "dateUpdated": "2024-12-20T17:23:40.395Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiClientLinux", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "6.4.0", "status": "affected"}, {"versionType": "semver", "version": "6.2.6", "lessThanOrEqual": "6.2.7", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.4", "status": "affected"}, {"version": "6.0.8", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-12-19T10:57:39.255Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-269", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiClient for Linux versions 6.2.8 or above. \r\nPlease upgrade to FortiClient for Linux versions 6.4.1 or above."}], "references": [{"name": "https://www.fortiguard.com/psirt/FG-IR-20-110", "url": "https://www.fortiguard.com/psirt/FG-IR-20-110"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-20T17:22:49.806588Z", "id": "CVE-2020-15934", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-20T17:23:40.395Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-15934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-20T17:22:49.806588Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-20T17:23:30.377Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": [], "vendor": "Fortinet", "product": "FortiClientLinux", "versions": [{"status": "affected", "version": "6.4.0"}, {"status": "affected", "version": "6.2.6", "versionType": "semver", "lessThanOrEqual": "6.2.7"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.4"}, {"status": "affected", "version": "6.0.8"}, {"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiClient for Linux versions 6.2.8 or above. \r\nPlease upgrade to FortiClient for Linux versions 6.4.1 or above."}], "references": [{"url": "https://www.fortiguard.com/psirt/FG-IR-20-110", "name": "https://www.fortiguard.com/psirt/FG-IR-20-110"}], "descriptions": [{"lang": "en", "value": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-12-19T10:57:39.255Z"}}}, "cveMetadata": {"cveId": "CVE-2020-15934", "state": "PUBLISHED", "dateUpdated": "2024-12-20T17:23:40.395Z", "dateReserved": "2020-07-24T00:00:00.000Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-12-19T10:57:39.255Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", "matchCriteriaId": "49F1914E-5D71-4DF6-89D7-D55C5A2CD54E", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:forticlient:6.4.0:*:*:*:*:linux:*:*", "matchCriteriaId": "4ED4EE61-7872-4B1F-B0E1-35016FD4E547", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n con privilegios innecesarios en el motor VCM de FortiClient para Linux versiones 6.2.7 y anteriores, versi\u00f3n 6.4.0, puede permitir que usuarios locales eleven sus privilegios a superusuario mediante la creaci\u00f3n de un script o programa malicioso en la m\u00e1quina de destino."}], "id": "CVE-2020-15934", "lastModified": "2025-01-21T20:38:47.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-19T11:15:06.930", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://www.fortiguard.com/psirt/FG-IR-20-110"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@fortinet.com", "type": "Primary"}]}