An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/advisory/FG-IR-21-022 | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-22-078/ | Third Party Advisory VDB Entry |
| https://fortiguard.com/advisory/FG-IR-21-022 | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-22-078/ | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 05:55
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/advisory/FG-IR-21-022 - Vendor Advisory | |
| References | () https://www.zerodayinitiative.com/advisories/ZDI-22-078/ - Third Party Advisory, VDB Entry | |
| CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 6.7 |
30 Mar 2022, 15:35
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-078/ - Third Party Advisory, VDB Entry |
17 Jan 2022, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
13 Jul 2021, 19:38
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-59 | |
| CPE | cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:* | |
| CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
| References | (CONFIRM) https://fortiguard.com/advisory/FG-IR-21-022 - Vendor Advisory |
12 Jul 2021, 13:28
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-07-12 13:15
Updated : 2024-11-21 05:55
NVD link : CVE-2021-26089
Mitre link : CVE-2021-26089
CVE.ORG link : CVE-2021-26089
JSON object : View
Products Affected
fortinet
- forticlient
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')