CVE-2021-43205

CWE-200 — Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.6%

top 30.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Fortinet Forticlientlinux

Timeline

PublishedApr 6

Latest updateApr 7

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5fortinet/fortinet_forticlientlinuxFortiClientLinux 7.0.2 and below, 6.4.7 and below, 6.2.9 and below

▶NVDfortinet/forticlient6.2.0 — 6.2.4+4

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

GHSA

GHSA-g758-vqjh-f7pq: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7↗2022-04-07

▶

CVEList

CVE-2021-43205: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7↗2022-04-06

▶

📋Vendor Advisories

Fortinet

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7...↗2022-04-06

▶