An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-21-232 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
19 May 2022, 02:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-732 | |
References | (CONFIRM) https://fortiguard.com/psirt/FG-IR-21-232 - Vendor Advisory | |
CPE | cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:* |
11 May 2022, 15:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-11 15:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-44167
Mitre link : CVE-2021-44167
CVE.ORG link : CVE-2021-44167
JSON object : View
Products Affected
fortinet
- forticlient
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource