Improper Initialization Vulnerability in Fortinet FortiClient for Windows
CVE-2021-44169

8.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Forticlientwindows
Vendor: CVE Published:; 6 April 2022

What is CVE-2021-44169?

An improper initialization vulnerability in Fortinet's FortiClient for Windows allows attackers to gain administrative privileges by placing a malicious executable within the directory of the FortiClient installer. This can potentially lead to unauthorized control over the system, posing significant security risks to users. It is crucial for affected users to follow the guidelines provided by Fortinet to address this vulnerability and mitigate the risk.

Affected Version(s)

Fortinet FortiClientWindows FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

References

https://fortiguard.com/psirt/FG-IR-21-238

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2022
Vulnerability Reserved
Nov 23, 2021