CVE-2009-1262

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
fortinetforticlient
3.0.614
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html
http://osvdb.org/53266
http://secunia.com/advisories/34524
http://www.layereddefense.com/FortiClient02Apr.html
http://www.securityfocus.com/archive/1/502354/100/0/threaded
http://www.securityfocus.com/archive/1/502602/100/0/threaded
http://www.securityfocus.com/bid/34343
http://www.securitytracker.com/id?1021966
http://www.vupen.com/english/advisories/2009/0941
https://exchange.xforce.ibmcloud.com/vulnerabilities/49633
http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html
http://osvdb.org/53266
http://secunia.com/advisories/34524
http://www.layereddefense.com/FortiClient02Apr.html
http://www.securityfocus.com/archive/1/502354/100/0/threaded
http://www.securityfocus.com/archive/1/502602/100/0/threaded
http://www.securityfocus.com/bid/34343
http://www.securitytracker.com/id?1021966
http://www.vupen.com/english/advisories/2009/0941
https://exchange.xforce.ibmcloud.com/vulnerabilities/49633