Lucene search

FortinetCVELIST:CVE-2021-43205

HistoryApr 06, 2022 - 9:15 a.m.

CVE-2021-43205

2022-04-0609:15:36

fortinet

www.cve.org

vulnerability

sensitive information

unauthorized access

forticlient

linux

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:W/RC:C

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries.

CNA Affected

[
  {
    "product": "Fortinet FortiClientLinux",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiClientLinux 7.0.2 and below,  6.4.7 and below, 6.2.9 and below"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-21-226

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:W/RC:C

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

Related for CVELIST:CVE-2021-43205