CVE-2021-36167

CWE-863Incorrect Authorization4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 67.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Fortinet Forticlientwindows
Timeline
PublishedDec 9
Latest updateDec 10

Description

An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

CVEListV5fortinet/fortinet_forticlientwindowsFortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
NVDfortinet/forticlient6.4.06.4.6+2

Patches

Patch: fortiguard.comPatch: fortiguard.com

🔴Vulnerability Details

2
GHSA
GHSA-2c7f-7v62-c4p8: An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 72021-12-10
CVEList
CVE-2021-36167: An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 72021-12-09

📋Vendor Advisories

1
Fortinet
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 an...2021-12-09
CVE-2021-36167 (MEDIUM CVSS 5.3) | An improper authorization vulnerabi | cvebase.io