CVE-2021-41031

CWE-22Path Traversal4 documents4 sources
Severity
7.8HIGH
EPSS
0.2%
top 60.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Fortinet Forticlientwindows
Timeline
PublishedJul 18
Latest updateJul 19

Description

A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5fortinet/fortinet_forticlientwindowsFortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
NVDfortinet/forticlient6.2.06.2.9+2

Patches

Patch: fortiguard.comPatch: fortiguard.com

🔴Vulnerability Details

2
GHSA
GHSA-qv22-gh9q-ccq2: A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 72022-07-19
CVEList
CVE-2021-41031: A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 72022-07-18

📋Vendor Advisories

1
Fortinet
A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior an...2022-07-18
CVE-2021-41031 (HIGH CVSS 7.8) | A relative path traversal vulnerabi | cvebase.io