PT-2021-23055 · Fortinet · Forticlientems

Published

2021-12-08

Updated

2021-12-10

CVE-2021-41030

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions FortiClient EMS versions 7.0.1 and below FortiClient EMS versions 6.4.4 and below

Description An authentication bypass by capture-replay issue may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.

Recommendations For FortiClient EMS versions 7.0.1 and below, update to a version above 7.0.1 to resolve the issue. For FortiClient EMS versions 6.4.4 and below, update to a version above 6.4.4 to resolve the issue. As a temporary workaround, consider implementing additional authentication measures to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-294

Related Identifiers

CVE-2021-41030

Affected Products

Forticlientems

PT-2021-23055 · Fortinet · Forticlientems

CVE-2021-41030

Weakness Enumeration

Related Identifiers

Affected Products

References · 4