Lucene search
FortinetCVELIST:CVE-2021-36167HistoryDec 09, 2021 - 9:33 a.m.
CVE-2021-36167
2021-12-0909:33:17
fortinet
www.cve.org
4
improper authorization
forticlient
windows
webfilter control
CVSS3
4.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:P
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
39.0%
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater.
CNA Affected
[
{
"product": "Fortinet FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"
}
]
}
]References
Related
fortinet
fortinet
FortiClient (Windows) - Web filter bypass
2021-12-07 00:00:00
cnvd
cnvd
Fortinet FortiClient for Windows License Error Vulnerability
2021-12-13 00:00:00
nvd
nvd
CVE-2021-36167
2021-12-09 10:15:11
prion
prion
Authorization
2021-12-09 10:15:00
nessus
nessus
Fortinet FortiClient (FG-IR-20-127)
2024-06-14 00:00:00
cve
cve
CVE-2021-36167
2021-12-09 10:15:11
CVSS3
4.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:P
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
39.0%
Related for CVELIST:CVE-2021-36167