7.2
CVE-2009-1262
- EPSS 0.45%
- Veröffentlicht 07.04.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ FortiClient Version3.0.614
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.359 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html
http://osvdb.org/53266
http://secunia.com/advisories/34524
http://www.layereddefense.com/FortiClient02Apr.html
http://www.securityfocus.com/archive/1/502354/100/0/threaded
http://www.securityfocus.com/archive/1/502602/100/0/threaded
http://www.securityfocus.com/bid/34343
http://www.securitytracker.com/id?1021966
http://www.vupen.com/english/advisories/2009/0941
https://exchange.xforce.ibmcloud.com/vulnerabilities/49633