CVE-2020-15934 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-15934 PUBLISHED CVSS 8.600000381469727 HIGH

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.

EPSS 0.07% · 20.1th percentile

Risk Scores

CVSS v3.1

8.600000381469727

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X

EPSS Score

0.07%

20.1th percentile

Affected Products

Vendor	Product	Versions
Fortinet	FortiClient
fortinet	forticlient	6.0.0, 6.4.0
Fortinet	FortiClientLinux	6.0.8, 6.0.0, 6.4.0
Fortinet	FortiOS

Timeline

Dec 19, 2024 CVE Published
Dec 19, 2024 PoC Published
Dec 19, 2024 PoC Published
Dec 20, 2024 EPSS Score
Dec 20, 2024 CVE Updated
Jan 5, 2025 EPSS Score
Jan 21, 2025 EPSS Score
Feb 6, 2025 EPSS Score
Feb 21, 2025 EPSS Score
Mar 9, 2025 EPSS Score
Mar 25, 2025 EPSS Score
Apr 10, 2025 EPSS Score

References

Open in Interactive Console →