漏洞描述
Fortinet FortiClient Linux SSLVPN是美国飞塔(Fortinet)公司的一款基于Linux系统用于连接到飞塔设备的VPN客户端。 Fortinet FortiClient Linux SSLVPN build 2313之前版本中存在安全漏洞。当程序安装在Linux平台上的全局可读且可执行的主目录下时,本地攻击者可借助helper/subroc setuid进程利用该漏洞获取权限。
Fortinet FortiClient Linux SSLVPN 权限许可和访问控制漏洞
PoC代码
暂无相关漏洞推荐
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446/CVE-2025-58034)
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446)
- POC Fortinet FortiWeb 未授权身份验证绕过漏洞(CVE-2025-64446)
- POC CVE-2022-42475: Fortinet SSL-VPN - Heap-Based Buffer Overflow
- POC CVE-2023-4911: Looney Tunables Linux - Local Privilege Escalation
- POC CVE-2015-1880: Fortinet FortiOS <=5.2.3 - Cross-Site Scripting
- POC CVE-2016-3978: Fortinet FortiOS - Open Redirect/Cross-Site Scripting
- POC CVE-2017-3132: Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
- POC CVE-2017-3133: Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
- POC CVE-2018-13379: Fortinet FortiOS - Credentials Disclosure
- POC CVE-2018-13380: Fortinet FortiOS - Cross-Site Scripting
- POC CVE-2020-7209: LinuxKI Toolset <= 6.01 - Remote Command Execution
- POC CVE-2021-43062: Fortinet FortiMail 7.0.1 - Cross-Site Scripting