CVE-2021-44172

CWE-200 — Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.5%

top 35.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlientems Fortinet Forticlient Endpoint Management Server

Timeline

PublishedSep 13

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5fortinet/forticlientems7.0.6 — 7.0.7+5

▶NVDfortinet/forticlient_endpoint_management_server6.2.0 — 6.2.9+3

🔴Vulnerability Details

GHSA

GHSA-cvf7-h454-x3rj: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7↗2023-09-13

▶

CVEList

CVE-2021-44172: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7↗2023-09-13

▶

📋Vendor Advisories

Fortinet

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 t...↗2023-09-13

▶