Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2019-17658 PoC — Fortinet FortiClient FortiTray 代码问题漏洞

Source
https://github.com/Ibonok/CVE-2019-17658
Associated Vulnerability
Title:Fortinet FortiClient FortiTray 代码问题漏洞 (CVE-2019-17658)
Description:An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
Description
Unquoted Service Path exploit in FortiClient (CVE-2019-17658)
Readme
# Unquoted Service Path exploit in FortiClient (CVE-2019-17658)

FortiClient for Windows prior to 6.2.3 is vulnerable to an unquoted service path vulnerability. That may allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

### Affected Component
FortiClient FortiTray

### Affected Products
FortiClient for Windows Versions 6.2.2 and below.

### Patched in Version
FortiClient for Windows version 6.2.3 or above.

### PoC

Private: The PoC is not published because it's obvious. 

### Links:
- https://nvd.nist.gov/vuln/detail/CVE-2019-17658
- https://fortiguard.com/psirt/FG-IR-19-281
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →