cvelistv5 - CVE-2009-1262

CVE-2009-1262 (GCVE-0-2009-1262)

Vulnerability from cvelistv5

Published

2009-04-07 23:00

Modified

2024-08-07 05:04

Severity ?

CWE

Summary

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

References

URL

Tags

cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html
cve@mitre.org	http://osvdb.org/53266
cve@mitre.org	http://secunia.com/advisories/34524	Vendor Advisory
cve@mitre.org	http://www.layereddefense.com/FortiClient02Apr.html
cve@mitre.org	http://www.securityfocus.com/archive/1/502354/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/502602/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/34343
cve@mitre.org	http://www.securitytracker.com/id?1021966
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0941	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/49633
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53266
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34524	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.layereddefense.com/FortiClient02Apr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/502354/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/502602/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34343
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021966
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0941	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49633

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20090410 Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502602/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.layereddefense.com/FortiClient02Apr.html"
          },
          {
            "name": "34524",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34524"
          },
          {
            "name": "34343",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34343"
          },
          {
            "name": "53266",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53266"
          },
          {
            "name": "ADV-2009-0941",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0941"
          },
          {
            "name": "1021966",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021966"
          },
          {
            "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html"
          },
          {
            "name": "forticlient-vpn-format-string(49633)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49633"
          },
          {
            "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502354/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20090410 Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502602/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.layereddefense.com/FortiClient02Apr.html"
        },
        {
          "name": "34524",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34524"
        },
        {
          "name": "34343",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34343"
        },
        {
          "name": "53266",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53266"
        },
        {
          "name": "ADV-2009-0941",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0941"
        },
        {
          "name": "1021966",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021966"
        },
        {
          "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html"
        },
        {
          "name": "forticlient-vpn-format-string(49633)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49633"
        },
        {
          "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502354/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1262",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090410 Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502602/100/0/threaded"
            },
            {
              "name": "http://www.layereddefense.com/FortiClient02Apr.html",
              "refsource": "MISC",
              "url": "http://www.layereddefense.com/FortiClient02Apr.html"
            },
            {
              "name": "34524",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34524"
            },
            {
              "name": "34343",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34343"
            },
            {
              "name": "53266",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53266"
            },
            {
              "name": "ADV-2009-0941",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0941"
            },
            {
              "name": "1021966",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021966"
            },
            {
              "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html"
            },
            {
              "name": "forticlient-vpn-format-string(49633)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49633"
            },
            {
              "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502354/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1262",
    "datePublished": "2009-04-07T23:00:00",
    "dateReserved": "2009-04-07T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1262\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-04-07T23:30:00.377\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de formato de cadena en Fortinet FortiClient v3.0.614 y posiblemente versiones anteriores permite a usuarios locales ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de especificadores de formato de cadena en el nombre de la conexi\u00f3n VPN.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:fortinet:forticlient:3.0.614:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46CC5D47-9685-4B5A-9308-A450CC7C8233\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/53266\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34524\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.layereddefense.com/FortiClient02Apr.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/502354/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/502602/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/34343\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021966\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0941\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49633\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/53266\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.layereddefense.com/FortiClient02Apr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/502354/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/502602/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34343\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021966\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0941\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

var-200904-0471

Vulnerability from variot

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. Fortinet FortiClient is prone to a local format-string vulnerability because it fails to adequately sanitize user-supplied input before passing it to a formatted-printing function. Successfully exploiting this issue will allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the computer. Failed exploit attempts will likely result in a denial of service. FortiClient 3.0.614 is vulnerable; other versions may also be affected. Fortinet FortiClient is a set of Fortinet company's software solutions that provide security for terminals. It provides features such as IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication. ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008.

Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics

Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia

TITLE: Fortinet FortiClient VPN Connection Format String Vulnerability

SECUNIA ADVISORY ID: SA34524

VERIFY ADVISORY: http://secunia.com/advisories/34524/

DESCRIPTION: A vulnerability has been reported in Fortinet FortiClient, which can be exploited by malicious, local users to gain escalated privileges. This can be exploited to read and write arbitrary memory with SYSTEM privileges via a specially crafted VPN connection name.

The vulnerability is reported in version 3.0.614.

SOLUTION: Update to version 3.0 MR7 Patch Release 6.

PROVIDED AND/OR DISCOVERED BY: Deral Heiland, Layered Defense

ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0471",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "fortinet",
        "version": "3.0.614"
      },
      {
        "model": "forticlient mr7 patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.06"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1262"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fortinet:forticlient",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Deral Heiland  http://www.layereddefense.com/",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1262",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2009-1262",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-38708",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-1262",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-1262",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-156",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-38708",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1262"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. Fortinet FortiClient is prone to a local format-string vulnerability because it fails to adequately sanitize user-supplied input before passing it to a formatted-printing function. \nSuccessfully exploiting this issue will allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the computer. Failed exploit attempts will likely result in a denial of service. \nFortiClient 3.0.614 is vulnerable; other versions may also be affected. Fortinet FortiClient is a set of Fortinet company\u0027s software solutions that provide security for terminals. It provides features such as IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nHighlights from the 2008 report:\n * Vulnerability Research\n * Software Inspection Results\n * Secunia Research Highlights\n * Secunia Advisory Statistics\n\nRequest the full 2008 Report here:\nhttp://secunia.com/advisories/try_vi/request_2008_report/\n\nStay Secure,\n\nSecunia\n\n\n----------------------------------------------------------------------\n\nTITLE:\nFortinet FortiClient VPN Connection Format String Vulnerability\n\nSECUNIA ADVISORY ID:\nSA34524\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34524/\n\nDESCRIPTION:\nA vulnerability has been reported in Fortinet FortiClient, which can\nbe exploited by malicious, local users to gain escalated privileges. This can be exploited to read and\nwrite arbitrary memory with SYSTEM privileges via a specially crafted\nVPN connection name. \n\nThe vulnerability is reported in version 3.0.614. \n\nSOLUTION:\nUpdate to version 3.0 MR7 Patch Release 6. \n\nPROVIDED AND/OR DISCOVERED BY:\nDeral Heiland, Layered Defense\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      },
      {
        "db": "BID",
        "id": "34343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-38708"
      },
      {
        "db": "PACKETSTORM",
        "id": "76353"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1262",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "34343",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "34524",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1021966",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0941",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "53266",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20090410 RE: LAYERED DEFENSE RESEARCH ADVISORY: FORMAT STRING VULNERABILITY: FORTICLIENT VERSION 3",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20090402 LAYERED DEFENSE RESEARCH ADVISORY: FORMAT STRING VULNERABILITY: FORTICLIENT VERSION 3",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20090402 LAYERED DEFENSE RESEARCH ADVISORY: FORMAT STRING VULNERABILITY: FORTICLIENT VERSION 3",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "49633",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-38708",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76353",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38708"
      },
      {
        "db": "BID",
        "id": "34343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      },
      {
        "db": "PACKETSTORM",
        "id": "76353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1262"
      }
    ]
  },
  "id": "VAR-200904-0471",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38708"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:31:54.021000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-134",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1262"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-april/068583.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/34343"
      },
      {
        "trust": 1.7,
        "url": "http://www.layereddefense.com/forticlient02apr.html"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/53266"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1021966"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/34524"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/0941"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/502354/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/502602/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49633"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1262"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1262"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/49633"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/502602/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/502354/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/forticlient/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502354"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34524/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38708"
      },
      {
        "db": "BID",
        "id": "34343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      },
      {
        "db": "PACKETSTORM",
        "id": "76353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1262"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-38708"
      },
      {
        "db": "BID",
        "id": "34343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      },
      {
        "db": "PACKETSTORM",
        "id": "76353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1262"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38708"
      },
      {
        "date": "2009-04-02T00:00:00",
        "db": "BID",
        "id": "34343"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      },
      {
        "date": "2009-04-06T11:11:40",
        "db": "PACKETSTORM",
        "id": "76353"
      },
      {
        "date": "2009-04-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      },
      {
        "date": "2009-04-07T23:30:00.377000",
        "db": "NVD",
        "id": "CVE-2009-1262"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38708"
      },
      {
        "date": "2009-04-17T23:06:00",
        "db": "BID",
        "id": "34343"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-003327"
      },
      {
        "date": "2009-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      },
      {
        "date": "2024-11-21T01:02:02.583000",
        "db": "NVD",
        "id": "CVE-2009-1262"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "34343"
      },
      {
        "db": "PACKETSTORM",
        "id": "76353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiClient VPN Connection Name Local Format String Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "34343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "format string",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-156"
      }
    ],
    "trust": 0.6
  }
}

ghsa-p9pf-5c8c-756m

Vulnerability from github

Published

2022-05-02 03:23

Modified

2022-05-02 03:23

Details

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-134"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-07T23:30:00Z",
    "severity": "HIGH"
  },
  "details": "Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.",
  "id": "GHSA-p9pf-5c8c-756m",
  "modified": "2022-05-02T03:23:15Z",
  "published": "2022-05-02T03:23:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1262"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49633"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/53266"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34524"
    },
    {
      "type": "WEB",
      "url": "http://www.layereddefense.com/FortiClient02Apr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/502354/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/502602/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34343"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021966"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0941"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2009-1262

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

Aliases

CVE-2009-1262

Aliases

CVE-2009-1262

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1262",
    "description": "Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.",
    "id": "GSD-2009-1262"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1262"
      ],
      "details": "Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.",
      "id": "GSD-2009-1262",
      "modified": "2023-12-13T01:19:47.308862Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1262",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20090410 Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/502602/100/0/threaded"
          },
          {
            "name": "http://www.layereddefense.com/FortiClient02Apr.html",
            "refsource": "MISC",
            "url": "http://www.layereddefense.com/FortiClient02Apr.html"
          },
          {
            "name": "34524",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34524"
          },
          {
            "name": "34343",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34343"
          },
          {
            "name": "53266",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/53266"
          },
          {
            "name": "ADV-2009-0941",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0941"
          },
          {
            "name": "1021966",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021966"
          },
          {
            "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html"
          },
          {
            "name": "forticlient-vpn-format-string(49633)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49633"
          },
          {
            "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/502354/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:fortinet:forticlient:3.0.614:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1262"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-134"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1021966",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021966"
            },
            {
              "name": "http://www.layereddefense.com/FortiClient02Apr.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.layereddefense.com/FortiClient02Apr.html"
            },
            {
              "name": "ADV-2009-0941",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0941"
            },
            {
              "name": "34524",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34524"
            },
            {
              "name": "53266",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/53266"
            },
            {
              "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html"
            },
            {
              "name": "34343",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34343"
            },
            {
              "name": "forticlient-vpn-format-string(49633)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49633"
            },
            {
              "name": "20090410 Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/502602/100/0/threaded"
            },
            {
              "name": "20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/502354/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:35Z",
      "publishedDate": "2009-04-07T23:30Z"
    }
  }
}

fkie_cve-2009-1262

Vulnerability from fkie_nvd

Published

2009-04-07 23:30

Modified

2025-04-09 00:30

Severity ?

Summary

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html
cve@mitre.org	http://osvdb.org/53266
cve@mitre.org	http://secunia.com/advisories/34524	Vendor Advisory
cve@mitre.org	http://www.layereddefense.com/FortiClient02Apr.html
cve@mitre.org	http://www.securityfocus.com/archive/1/502354/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/502602/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/34343
cve@mitre.org	http://www.securitytracker.com/id?1021966
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0941	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/49633
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53266
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34524	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.layereddefense.com/FortiClient02Apr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/502354/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/502602/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34343
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021966
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0941	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49633

Impacted products

	Vendor	Product	Version
	fortinet	forticlient	3.0.614

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:forticlient:3.0.614:*:*:*:*:*:*:*",
              "matchCriteriaId": "46CC5D47-9685-4B5A-9308-A450CC7C8233",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de formato de cadena en Fortinet FortiClient v3.0.614 y posiblemente versiones anteriores permite a usuarios locales ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de especificadores de formato de cadena en el nombre de la conexi\u00f3n VPN."
    }
  ],
  "id": "CVE-2009-1262",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-07T23:30:00.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/53266"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34524"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.layereddefense.com/FortiClient02Apr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/502354/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/502602/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34343"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021966"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0941"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.layereddefense.com/FortiClient02Apr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/502354/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/502602/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49633"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-1262 (GCVE-0-2009-1262)

Vulnerability from cvelistv5

var-200904-0471

Vulnerability from variot

ghsa-p9pf-5c8c-756m

Vulnerability from github

gsd-2009-1262

Vulnerability from gsd

fkie_cve-2009-1262

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature