PT-2022-11805 · Fortinet · Forticlient

Published

2022-04-06

Updated

2022-04-13

CVE-2021-43205

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions FortiClient for Linux versions 7.0.2 and below FortiClient for Linux versions 6.4.7 and below FortiClient for Linux versions 6.2.9 and below

Description The issue allows an unauthenticated attacker to access the confighandler webserver via external binaries, potentially exposing sensitive information to unauthorized actors. This is due to an exposure of sensitive information vulnerability.

Recommendations For FortiClient for Linux versions 7.0.2 and below, update to a version above 7.0.2 to resolve the issue. For FortiClient for Linux versions 6.4.7 and below, update to a version above 6.4.7 to resolve the issue. For FortiClient for Linux versions 6.2.9 and below, update to a version above 6.2.9 to resolve the issue. As a temporary workaround, consider restricting access to the confighandler webserver to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2021-43205

Affected Products

Forticlient

PT-2022-11805 · Fortinet · Forticlient

CVE-2021-43205

Weakness Enumeration

Related Identifiers

Affected Products

References · 6