CVE-2009-1262

CVE Database · CVE-2009-1262

CVE-2009-1262

· N/AModified

CVSS v3.1

N/A

EPSS

0.45%

Published

Apr 7, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

Weaknesses (CWE)

CWE-134

Affected Products (1)

fortinet · forticlientvulnerable

References (20)

http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html

http://osvdb.org/53266

http://secunia.com/advisories/34524

Vendor Advisory

http://www.layereddefense.com/FortiClient02Apr.html

http://www.securityfocus.com/archive/1/502354/100/0/threaded

http://www.securityfocus.com/archive/1/502602/100/0/threaded

http://www.securityfocus.com/bid/34343

http://www.securitytracker.com/id?1021966

http://www.vupen.com/english/advisories/2009/0941

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49633

KEV Catalog EPSS Scores Vendors All CVEs