CVE-2021-32592

Published: Dec 1, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.

Affected (8)

Products: Fortinet: Forticlient, Forticlient Enterprise Management Server

Fortinet

2 products

Forticlient

Forticlient Enterprise Management Server

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 6.0.0 to 6.0.9
Fortinet Forticlient	From 6.2.0 to 6.2.9
Fortinet Forticlient	From 6.4.0 to 6.4.7
Fortinet Forticlient	Version 7.0.0
Fortinet Forticlient Enterprise Management Server	From 6.0.0 to 6.0.6
Fortinet Forticlient Enterprise Management Server	From 6.2.0 to 6.2.9
Fortinet Forticlient Enterprise Management Server	From 6.4.0 to 6.4.7
Fortinet Forticlient Enterprise Management Server	Version 7.0.0

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://fortiguard.com/advisory/FG-IR-21-088

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-21-088

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.