CVE-2021-43205

Published: Apr 6, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries.

Affected (5)

Products: Fortinet: Forticlient

Fortinet

1 product

Forticlient

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 6.2.0 to 6.2.4
Fortinet Forticlient	From 6.2.6 to 6.2.9
Fortinet Forticlient	From 6.4.0 to 6.4.4
Fortinet Forticlient	From 7.0.0 to 7.0.2
Fortinet Forticlient	Version 6.4.7

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://fortiguard.com/psirt/FG-IR-21-226

Source: psirt@fortinet.com

PatchVendor Advisory

https://fortiguard.com/psirt/FG-IR-21-226

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.