CVE-2021-32592
published 2021-12-01
Severity: high, 7.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient | — | — |
| fortinet | forticlient | — | — |
| fortinet | forticlient | 6.0.0 – 6.0.9 | — |
| fortinet | forticlient | 6.2.0 – 6.2.9 | — |
| fortinet | forticlient | >= 6.4.0 < 6.4.7 | 6.4.7 |
| fortinet | forticlient_enterprise_management_server | — | — |
| fortinet | forticlient_enterprise_management_server | 6.0.0 – 6.0.6 | — |
| fortinet | forticlient_enterprise_management_server | 6.2.0 – 6.2.9 | — |
| fortinet | forticlient_enterprise_management_server | >= 6.4.0 < 6.4.7 | 6.4.7 |
| fortinet | forticlientems | — | — |
| fortinet | forticliententerprisemanagementserver | — | — |
| fortinet | forticlientwindows | — | — |