CVE-2021-43066

CWE-668Exposure to Wrong SphereCWE-6104 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 82.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Fortinet Forticlientwindows
Timeline
PublishedMay 11
Latest updateMay 12

Description

A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:HExploitability: 2.0 | Impact: 5.8

Affected Packages2 packages

CVEListV5fortinet/fortinet_forticlientwindowsFortiClientWindows 7.0.2 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
NVDfortinet/forticlient6.0.06.4.7+1

🔴Vulnerability Details

2
GHSA
GHSA-726x-mfp5-rvmh: A external control of file name or path in Fortinet FortiClientWindows version 72022-05-12
CVEList
CVE-2021-43066: A external control of file name or path in Fortinet FortiClientWindows version 72022-05-11

📋Vendor Advisories

1
Fortinet
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below,...2022-05-11
CVE-2021-43066 (HIGH CVSS 7.8) | A external control of file name or | cvebase.io