Improper Authorization Vulnerability in FortiClient by Fortinet
CVE-2021-36167
4.3 MEDIUM
What is CVE-2021-36167?
FortiClient, developed by Fortinet, is affected by an improper authorization vulnerability that allows attackers to bypass webfilter controls. In versions 7.0.0, 6.4.6 and earlier, as well as 6.2.8 and prior, an unauthenticated attacker may exploit this flaw by modifying the session-id parameter, which poses a risk to network security. Users of these versions should update their software to mitigate potential exploitation.
Affected Version(s)
Fortinet FortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0