Lucene search
PRIOn knowledge basePRION:CVE-2021-41028HistoryDec 16, 2021 - 7:15 p.m.
Design/Logic Flaw
2021-12-1619:15:00
PRIOn knowledge base
www.prio-n.com
12
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
| CPE | Name | Operator | Version |
|---|---|---|---|
| forticlient | ge | 6.0.0 | |
| forticlient | le | 6.0.9 | |
| forticlient | eq | 7.0.0 | |
| forticlient | eq | 7.0.0 | |
| forticlient | ge | 6.2.0 | |
| forticlient | le | 6.2.9 | |
| forticlient | ge | 6.4.0 | |
| forticlient | le | 6.4.6 | |
| forticlient | ge | 6.2.0 | |
| forticlient | le | 6.2.9 |
References
Related
fortinet
fortinet
cnvd
cnvd
Fortinet FortiClient Trust Management Issue Vulnerability (CNVD-2022-03936)
2022-01-14 00:00:00
cvelist
cvelist
CVE-2021-41028
2021-12-16 18:13:38
nessus
nessus
Fortinet FortiClient (FG-IR-21-075) (macOS)
2024-06-14 00:00:00
Fortinet FortiClient (FG-IR-21-075)
2024-06-14 00:00:00
cve
cve
CVE-2021-41028
2021-12-16 19:15:08
nvd
nvd
CVE-2021-41028
2021-12-16 19:15:08