PT-2021-7520 · Fortinet · Forticlient

Published: 2021-10-28 · Updated: 2022-07-12 · CVE-2021-43066

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiClient versions 7.0.2 and below
FortiClient versions 6.4.6 and below
FortiClient versions 6.2.9 and below
FortiClient versions 6.0.10 and below

Description

The issue is related to incorrect external control of a file name or path in the FortiClient.msi installer, which can allow an attacker to escalate their privileges.

Recommendations

For FortiClient versions 7.0.2 and below, consider updating to a version above 7.0.2 to resolve the issue.
For FortiClient versions 6.4.6 and below, consider updating to a version above 6.4.6 to resolve the issue.
For FortiClient versions 6.2.9 and below, consider updating to a version above 6.2.9 to resolve the issue.
For FortiClient versions 6.0.10 and below, consider updating to a version above 6.0.10 to resolve the issue.

Fix

Weakness Enumeration

Untrusted Search Path

Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2022-07203
CVE-2021-43066

Affected Products

Forticlient