CVE-2021-44167
Severity
7.5HIGH
EPSS
0.3%
top 43.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 11
Latest updateMay 12
Description
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 2.5 | Impact: 4.2
Affected Packages2 packages
▶CVEListV5fortinet/fortinet_forticlientlinuxFortiClientLinux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below
🔴Vulnerability Details
2GHSA▶
GHSA-9mc4-h6fw-r59x: An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6↗2022-05-12
CVEList▶
CVE-2021-44167: An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6↗2022-05-11
📋Vendor Advisories
1Fortinet▶
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8...↗2022-05-11