CVE-2021-26089

CWE-59 | 4 documents | 4 sources
Severity
7.8 HIGH
EPSS
0.1%
top 73.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jul 12
Latest update May 24

Description

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages
2 packages

CVEListV5 | fortinet/fortinet_forticlientmac | FortiClientMac 6.4.3 and below

🔴 Vulnerability Details

2
GHSA
GHSA-778f-2fc2-jrq9: An improper symlink following in FortiClient for Mac 6 | 2022-05-24
CVEList
CVE-2021-26089: An improper symlink following in FortiClient for Mac 6 | 2021-07-12

📋 Vendor Advisories

1
Fortinet
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitra... | 2021-07-12