| IR Number | FG-IR-20-074 |
| Date | Oct 5, 2021 |
| Severity |
Medium |
| CVSSv3 Score | 5.3 |
| Impact | Escalation of privilege |
| CVE ID | CVE-2020-15941 |
| Affected Products |
FortiClientEMS
:
6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiClientEMS - Directory Traversal vulnerability
Summary
A path traversal vulnerability [CWE-22] in FortiClientEMS may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
Affected Products
FortiClientEMS version 6.4.1 and below.
FortiClientEMS version 6.2.8 and below.
Solutions
Please upgrade to version 6.2.9 or above.
Please upgrade to version 6.4.2 or above.