CVE-2019-15711: 
FortiClient vulnerability analysis and mitigation

A privilege escalation vulnerability was discovered in FortiClient for Linux version 6.2.1 and below, identified as CVE-2019-15711. The vulnerability allows a low-privileged user to execute system commands with root privileges by injecting specially crafted 'ExportLogs' type IPC client requests to the fctsched process (Fortinet Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The attack requires local access and low privileges to exploit, but can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability allows an attacker to execute system commands with root privileges, potentially leading to complete system compromise. The vulnerability affects the confidentiality, integrity, and availability of the system with high severity ratings for each aspect (Fortinet Advisory).

The vulnerability has been patched in FortiClient for Linux version 6.2.2. Users are advised to upgrade to this version or later to mitigate the risk (Fortinet Advisory).

The vulnerability was responsibly disclosed by Cees Elzinga from Danish Cyber Defence, demonstrating effective collaboration between security researchers and vendors (Fortinet Advisory).