Fortinet FortiClient EMS Improper Input Neutralization Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability exists in Fortinet FortiClient EMS version 6.2.0 due to improper neutralization of input during web page generation. This flaw may enable a remote attacker to execute unauthorized code by injecting malicious payloads into the user profile of a FortiClient instance managed by the vulnerable system.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the affected FortiClient instance.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

4.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

4.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiClient EMS Improper Input Neutralization Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Affected Products

Fortinet FortiClientEMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating