CVE-2021-43205

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-21-226 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
cpe:2.3:a:fortinet:forticlient:6.4.7:*:*:*:*:linux:*:*

History

13 Apr 2022, 20:07

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:forticlient:6.4.7:*:*:*:*:linux:*:*
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*
CWE CWE-200
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3
References (CONFIRM) https://fortiguard.com/psirt/FG-IR-21-226 - (CONFIRM) https://fortiguard.com/psirt/FG-IR-21-226 - Patch, Vendor Advisory

06 Apr 2022, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-06 10:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-43205

Mitre link : CVE-2021-43205

CVE.ORG link : CVE-2021-43205


JSON object : View

Products Affected

fortinet

  • forticlient
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor