CVE-2021-44169

HIGH

8.2

Descricao

A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.

Detalhes CVE

Pontuacao CVSS v3.18.2

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioREQUIRED

Publicado4/6/2022

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

fortinet:forticlient

Fraquezas (CWE)

CWE-665

Referencias

https://fortiguard.com/psirt/FG-IR-21-238(psirt@fortinet.com)

https://fortiguard.com/psirt/FG-IR-21-238(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.