CVE-2021-44169

CWE-665
4 documents, 4 sources

Severity: 8.8 HIGH
EPSS: 0.1% (top 70.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 6; Latest update Apr 7

Description

An improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows an attacker to gain administrative privileges by placing a malicious executable inside the FortiClient installer's directory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.5 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5 | fortinet/fortinet_forticlientwindows | FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
NVD | fortinet/forticlient | 6.0.0 | 6.0.10 | +3

Patches

Vulnerability Details (2)

GHSA | GHSA-fhh6-h3ph-38cw: An improper initialization in Fortinet FortiClient (Windows) version 6 | 2022-04-07
CVEList | CVE-2021-44169: An improper initialization in Fortinet FortiClient (Windows) version 6 | 2022-04-06

Vendor Advisories (1)

Fortinet | An improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6... | 2022-04-06