Improper Initialization Vulnerability in Fortinet FortiClient for Windows
CVE-2021-44169

8.2 HIGH

Key Information:

Vendor: Fortinet

CVE Published: 6 April 2022

What is CVE-2021-44169?

An improper initialization vulnerability in Fortinet's FortiClient for Windows allows attackers to gain administrative privileges by placing a malicious executable within the directory of the FortiClient installer. This can potentially lead to unauthorized control over the system, posing significant security risks to users. It is crucial for affected users to follow the guidelines provided by Fortinet to address this vulnerability and mitigate the risk.

Affected Version(s)

Fortinet FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
