CVE-2021-43205

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiClientLinuxFortiClientLinux 7.0.2 and below, 6.4.7 and below, 6.2.9 and belowaffected

Weaknesses

  • Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References