Improper Symlink Following in FortiClient for Mac by Fortinet
CVE-2021-26089
6.7 MEDIUM
Summary
An improper symlink following vulnerability exists in FortiClient for Mac that allows non-privileged users to execute arbitrary privileged shell commands during the installation phase. This could lead to unauthorized access and manipulation of system commands. Users of FortiClient versions 6.4.3 and earlier should update their installations to mitigate these risks.
Affected Version(s)
Fortinet FortiClientMac 6.4.3 and below
CVSS V3.1
Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved