Details of VAR-202107-0837

ID

VAR-202107-0837

CVE

CVE-2021-26089

TITLE

Fortinet FortiClient Incorrect Permission Assignment Privilege Escalation Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-693

DESCRIPTION

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the FortiClient installer. The issue lies in the lack of proper permissions set on log files created by the installer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. The service loads an OpenSSL configuration file from an unsecured location. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances

Trust: 2.88

sources: NVD: CVE-2021-26089 // ZDI: ZDI-21-693 // ZDI: ZDI-22-078 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385053 // VULMON: CVE-2021-26089

AFFECTED PRODUCTS

vendor:	fortinet	model:	forticlient	scope:	-	version:	-	Trust: 1.4
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.4.3	Trust: 1.0

sources: ZDI: ZDI-21-693 // ZDI: ZDI-22-078 // NVD: CVE-2021-26089

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2021-26089
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2021-26089
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26089
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1365
value:	HIGH
Trust: 0.6
VULHUB:	VHN-385053
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-26089
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-26089
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-385053
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2021-26089
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2021-26089
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26089
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: ZDI: ZDI-21-693 // ZDI: ZDI-22-078 // VULHUB: VHN-385053 // VULMON: CVE-2021-26089 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1365 // NVD: CVE-2021-26089 // NVD: CVE-2021-26089

PROBLEMTYPE DATA

problemtype:

CWE-59

Trust: 1.1

sources: VULHUB: VHN-385053 // NVD: CVE-2021-26089

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1365

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Fortinet has issued an update to correct this vulnerability.	url:	https://www.fortiguard.com/psirt/FG-IR-21-022	Trust: 0.7
title:	Fortinet FortiClient Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154457	Trust: 0.6

sources: ZDI: ZDI-22-078 // CNNVD: CNNVD-202106-1365

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26089	Trust: 3.2
db:	ZDI	id:	ZDI-22-078	Trust: 2.4
db:	ZDI	id:	ZDI-21-693	Trust: 1.4
db:	ZDI_CAN	id:	ZDI-CAN-12128	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-14137	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021061717	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2378	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1365	Trust: 0.6
db:	VULHUB	id:	VHN-385053	Trust: 0.1
db:	VULMON	id:	CVE-2021-26089	Trust: 0.1

sources: ZDI: ZDI-21-693 // ZDI: ZDI-22-078 // VULHUB: VHN-385053 // VULMON: CVE-2021-26089 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1365 // NVD: CVE-2021-26089

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-22-078/	Trust: 2.3
url:	https://fortiguard.com/advisory/fg-ir-21-022	Trust: 1.8
url:	https://www.fortiguard.com/psirt/fg-ir-21-022	Trust: 0.7
url:	https://www.zerodayinitiative.com/advisories/zdi-21-693/	Trust: 0.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2378	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061717	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortinet-forticlient-privilege-escalation-via-apple-macos-35728	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/59.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-22-078 // VULHUB: VHN-385053 // VULMON: CVE-2021-26089 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1365 // NVD: CVE-2021-26089

CREDITS

brsn

Trust: 1.3

sources: ZDI: ZDI-22-078 // CNNVD: CNNVD-202106-1365

SOURCES

db:	ZDI	id:	ZDI-21-693
db:	ZDI	id:	ZDI-22-078
db:	VULHUB	id:	VHN-385053
db:	VULMON	id:	CVE-2021-26089
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-1365
db:	NVD	id:	CVE-2021-26089

LAST UPDATE DATE

2024-08-14T12:05:15.744000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-693	date:	2021-06-17T00:00:00
db:	ZDI	id:	ZDI-22-078	date:	2022-01-17T00:00:00
db:	VULHUB	id:	VHN-385053	date:	2022-03-30T00:00:00
db:	VULMON	id:	CVE-2021-26089	date:	2021-07-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-1365	date:	2022-01-18T00:00:00
db:	NVD	id:	CVE-2021-26089	date:	2022-03-30T15:35:48.173

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-693	date:	2021-06-17T00:00:00
db:	ZDI	id:	ZDI-22-078	date:	2022-01-17T00:00:00
db:	VULHUB	id:	VHN-385053	date:	2021-07-12T00:00:00
db:	VULMON	id:	CVE-2021-26089	date:	2021-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-1365	date:	2021-06-17T00:00:00
db:	NVD	id:	CVE-2021-26089	date:	2021-07-12T13:15:07.767