CVE-2020-15941: 
FortiClient EMS vulnerability analysis and mitigation

A path traversal vulnerability [CWE-22] was identified in FortiClientEMS affecting versions 6.4.1 and below, as well as versions 6.2.8 and below. The vulnerability allows an authenticated attacker to inject directory traversal character sequences to add or delete files on the server through the name parameter of Deployment Packages (Fortinet Advisory, NVD).

The vulnerability has been assigned CVE-2020-15941 with a CVSS v3.1 Base Score of 5.4 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and affects the deployment package functionality of FortiClientEMS (NVD).

The vulnerability can lead to escalation of privilege, allowing authenticated attackers to manipulate files on the server through directory traversal attacks. The impact is primarily focused on file system integrity and availability, with the potential for unauthorized file manipulation (Fortinet Advisory).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to FortiClientEMS version 6.2.9 or above for the 6.2.x branch, or version 6.4.2 or above for the 6.4.x branch (Fortinet Advisory).