CVE-2021-43066

A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-21-154 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*

History

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-610 CWE-668

19 May 2022, 14:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 7.8
CPE cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
References (CONFIRM) https://fortiguard.com/advisory/FG-IR-21-154 - (CONFIRM) https://fortiguard.com/advisory/FG-IR-21-154 - Vendor Advisory
CWE CWE-610

11 May 2022, 17:20

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-11 16:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-43066

Mitre link : CVE-2021-43066

CVE.ORG link : CVE-2021-43066


JSON object : View

Products Affected

fortinet

  • forticlient
CWE
CWE-668

Exposure of Resource to Wrong Sphere