Description

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3 and FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root by tricking the user into connecting to a network with a malicious name.

PUBLISHED Reserved 2021-01-04 | Published 2022-04-06 | Updated 2024-10-25 | Assigner fortinet




HIGH: 7.1 (CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X)

Problem types

Execute unauthorized code or commands

Product status

FortiClientLinux 6.4.2 and below, FortiClientLinux 6.2.8 and below
affected

References

fortiguard.com/advisory/FG-IR-20-241

cve.org (CVE-2021-22127)

nvd.nist.gov (CVE-2021-22127)
