Lucene search

FortinetCVELIST:CVE-2021-26089

HistoryJul 12, 2021 - 12:48 p.m.

CVE-2021-26089

2021-07-1212:48:01

fortinet

www.cve.org

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.9%

JSON

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.

CNA Affected

[
  {
    "product": "Fortinet FortiClientMac",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiClientMac 6.4.3 and below"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-022

www.zerodayinitiative.com/advisories/ZDI-22-078/

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.9%

JSON

Related for CVELIST:CVE-2021-26089