ID

VAR-202111-0343


CVE

CVE-2021-36183


TITLE

Vulnerability in FortiClient for Windows

Trust: 0.8

sources: JVNDB: JVNDB-2021-014568

DESCRIPTION

An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiClient updates. FortiClient for Windows contains an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Fortinet FortiClientWindows is a Windows-based mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances.

Trust: 1.71

sources: NVD: CVE-2021-36183 // JVNDB: JVNDB-2021-014568 // VULHUB: VHN-398005

AFFECTED PRODUCTS

vendor: fortinet, model: forticlient, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: forticlient, scope: lte, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: forticlient, scope: lte, version: 7.0.1

Trust: 1.0

vendor: fortinet, model: forticlient, scope: gte, version: 7.0.0

Trust: 1.0

vendor: フォーティネット, model: forticlient, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: forticlient, scope: lte, version: 6.4.2 and earlier

Trust: 0.8

vendor: フォーティネット, model: forticlient, scope: lte, version: 7.0.1 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-014568 // NVD: CVE-2021-36183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36183
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-36183
value: HIGH

Trust: 1.0

NVD: CVE-2021-36183
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-334
value: HIGH

Trust: 0.6

VULHUB: VHN-398005
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-36183
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398005
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36183
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-36183
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.4
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-36183
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398005 // JVNDB: JVNDB-2021-014568 // CNNVD: CNNVD-202111-334 // NVD: CVE-2021-36183 // NVD: CVE-2021-36183

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

problemtype: CWE-863

Trust: 0.1

sources: VULHUB: VHN-398005 // JVNDB: JVNDB-2021-014568 // NVD: CVE-2021-36183

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-334

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-334

PATCH

title: FG-IR-20-079, url: https://www.fortiguard.com/psirt/FG-IR-20-079

Trust: 0.8

title: Fortinet FortiClientWindows Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168765

Trust: 0.6

sources: JVNDB: JVNDB-2021-014568 // CNNVD: CNNVD-202111-334

EXTERNAL IDS

db: NVD, id: CVE-2021-36183

Trust: 3.3

db: JVNDB, id: JVNDB-2021-014568

Trust: 0.8

db: CNNVD, id: CNNVD-202111-334

Trust: 0.7

db: VULHUB, id: VHN-398005

Trust: 0.1

sources: VULHUB: VHN-398005 // JVNDB: JVNDB-2021-014568 // CNNVD: CNNVD-202111-334 // NVD: CVE-2021-36183

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-20-079

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-36183

Trust: 1.4

url: https://vigilance.fr/vulnerability/fortinet-forticlient-privilege-escalation-via-updates-named-pipe-36797

Trust: 0.6

sources: VULHUB: VHN-398005 // JVNDB: JVNDB-2021-014568 // CNNVD: CNNVD-202111-334 // NVD: CVE-2021-36183

SOURCES

db: VULHUB, id: VHN-398005
db: JVNDB, id: JVNDB-2021-014568
db: CNNVD, id: CNNVD-202111-334
db: NVD, id: CVE-2021-36183

LAST UPDATE DATE

2024-08-14T14:37:50.400000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398005, date: 2022-05-03T00:00:00
db: JVNDB, id: JVNDB-2021-014568, date: 2022-10-20T07:52:00
db: CNNVD, id: CNNVD-202111-334, date: 2022-05-05T00:00:00
db: NVD, id: CVE-2021-36183, date: 2022-05-03T16:04:40.443

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398005, date: 2021-11-02T00:00:00
db: JVNDB, id: JVNDB-2021-014568, date: 2022-10-20T00:00:00
db: CNNVD, id: CNNVD-202111-334, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2021-36183, date: 2021-11-02T19:15:07.830