Fortinet | FortiGuard Labs | FG-IR-21-075
History: Dec 07, 2021 - 12:00 a.m.

FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability

2021-12-07 00:00:00
FortiGuard Labs
www.fortiguard.com
forticlientems
telemetry protocol
mitm vulnerability
forticlientwindows
forticlientlinux
forticlientmac
unauthenticated
network adjacent
man-in-the-middle
ems
fct
cryptographic key vulnerability
improper certificate validation vulnerability
cwe-321
cwe-297
software

EPSS: 0.001 (percentile: 31.3%)

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated, network-adjacent attacker to perform a man-in-the-middle attack between the EMS and the FortiClient (FCT) via the telemetry protocol.
