{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2020-15934","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2020-07-24T00:00:00.000Z","datePublished":"2024-12-19T10:57:39.255Z","dateUpdated":"2024-12-20T17:23:40.395Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiClientLinux","cpes":[],"defaultStatus":"unaffected","versions":[{"version":"6.4.0","status":"affected"},{"versionType":"semver","version":"6.2.6","lessThanOrEqual":"6.2.7","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.4","status":"affected"},{"version":"6.0.8","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.6","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2024-12-19T10:57:39.255Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-269","description":"Escalation of privilege","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiClient for Linux versions 6.2.8 or above. \r\nPlease upgrade to FortiClient for Linux versions 6.4.1 or above."}],"references":[{"name":"https://www.fortiguard.com/psirt/FG-IR-20-110","url":"https://www.fortiguard.com/psirt/FG-IR-20-110"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-20T17:22:49.806588Z","id":"CVE-2020-15934","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-20T17:23:40.395Z"}}]}}