CVE-2021-44169

Published: Apr 6, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.

Affected (4)

Products: Fortinet: Forticlient

Fortinet

1 product

Forticlient

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 6.0.0 to 6.0.10
Fortinet Forticlient	From 6.2.0 to 6.2.9
Fortinet Forticlient	From 6.4.0 to 6.4.7
Fortinet Forticlient	From 7.0.0 to 7.0.2

Related CWEs

CWE-665

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (2)

https://fortiguard.com/psirt/FG-IR-21-238

Source: psirt@fortinet.com

PatchVendor Advisory

https://fortiguard.com/psirt/FG-IR-21-238

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.