CVE-2021-32592

Summary

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiClientWindows, FortiClientEMSFortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x; FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.xaffected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References