CVE-2021-22127

7.1HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Forticlientlinux
Vendor: CVE Published:; 6 April 2022

Summary

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name.

Affected Version(s)

Fortinet FortiClientLinux FortiClientLinux 6.4.2 and below, FortiClientLinux 6.2.8 and below

References

https://fortiguard.com/advisory/FG-IR-20-241

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2022
Vulnerability Reserved
Jan 4, 2021