CVE-2021-44167

Summary

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiClientLinuxFortiClientLinux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and belowaffected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References