PT-2022-12007 · Fortinet · FortiClient for Linux
Published: 2022-05-11 · Updated: 2022-05-19
CVE-2021-44167
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiClient for Linux versions 6.0.8 and below
FortiClient for Linux versions 6.2.9 and below
FortiClient for Linux versions 6.4.7 and below
FortiClient for Linux versions 7.0.2 and below
Description
An incorrect permission assignment for critical resources may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.
Recommendations
For FortiClient for Linux versions 6.0.8 and below, update to a version above 6.0.8 to resolve the issue.
For FortiClient for Linux versions 6.2.9 and below, update to a version above 6.2.9 to resolve the issue.
For FortiClient for Linux versions 6.4.7 and below, update to a version above 6.4.7 to resolve the issue.
For FortiClient for Linux versions 7.0.2 and below, update to a version above 7.0.2 to resolve the issue.
Fix
Incorrect Permission
Affected Products
FortiClient for Linux