PT-2021-7563 · Fortinet · FortiClientMac +3
Published: 2021-12-07 · Updated: 2022-01-04
CVE-2021-41028
CVSS v3.1: 8.2 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiClientEMS versions 7.0.1 and below, 6.4.6 and below
FortiClientWindows versions 7.0.1 and below, 6.4.6 and below
FortiClientLinux versions 7.0.1 and below, 6.4.6 and below
FortiClientMac versions 7.0.1 and below, 6.4.6 and below
Description
The issue stems from a combination of a hard-coded cryptographic key and improper certificate validation. Together they may allow an unauthenticated, network-adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT over the telemetry protocol. The vulnerability can be exploited by a remote attacker to conduct man-in-the-middle attacks and disclose protected information.
Recommendations
For FortiClientEMS versions 7.0.1 and below, 6.4.6 and below, update to a version that addresses the hard-coded cryptographic key vulnerability and improper certificate validation vulnerability.
For FortiClientWindows versions 7.0.1 and below, 6.4.6 and below, update to a version that addresses the improper certificate validation vulnerability.
For FortiClientLinux versions 7.0.1 and below, 6.4.6 and below, update to a version that addresses the improper certificate validation vulnerability.
For FortiClientMac versions 7.0.1 and below, 6.4.6 and below, update to a version that addresses the improper certificate validation vulnerability.
As a temporary workaround, consider restricting access to the telemetry protocol to minimize the risk of exploitation.
Fix
Improper Certificate Validation
Use of Hard-coded Credentials
Affected Products
FortiClientEMS
FortiClientLinux
FortiClientMac
FortiClientWindows