CVE-2021-36183: Incorrect Authorization in Fortinet FortiClient

Severity
NVD: 7.8 HIGH
CNA: 7.4
EPSS: 0.1% (top 66.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 2
Latest update: May 24

Description

An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiClient updates.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEList V5: fortinet/fortinet_forticlientwindows (FortiClientWindows) 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0
NVD: fortinet/forticlient 6.4.0, 6.4.2, +1 more

Vulnerability Details (2)

GHSA (2022-05-24): GHSA-vrc4-qvrw-2552: An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7...
CVEList (2021-11-02): CVE-2021-36183: An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7...

Vendor Advisories (1)

Fortinet (2021-11-02): An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and belo...
CVE-2021-36183 — Incorrect Authorization in Fortinet | cvebase