Lucene search

FortinetCVELIST:CVE-2021-36183

HistoryNov 02, 2021 - 6:41 p.m.

CVE-2021-36183

2021-11-0218:41:28

fortinet

www.cve.org

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.

CNA Affected

[
  {
    "product": "Fortinet FortiClientWindows",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiClientWindows 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-20-079

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVELIST:CVE-2021-36183