History: Apr 06, 2022 - 4:00 p.m.

CVE-2021-22127

2022-04-06 16:00:33
fortinet
www.cve.org
improper input validation
forticlient
linux
arbitrary code execution
network vulnerability

CVSS3: 7.1

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P

AI Score: 8.4
Confidence: High

EPSS: 0.001
Percentile: 28.5%

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3 and FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root by tricking the user into connecting to a network with a malicious name.

CNA Affected

[
  {
    "product": "Fortinet FortiClientLinux",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiClientLinux 6.4.2 and below, FortiClientLinux 6.2.8 and below"
      }
    ]
  }
]
