Details of VAR-202111-0343

ID

VAR-202111-0343

CVE

CVE-2021-36183

TITLE

Windows for FortiClient Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014568

DESCRIPTION

An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. Windows for FortiClient Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiClientWindows is a Windows-based mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances

Trust: 1.71

sources: NVD: CVE-2021-36183 // JVNDB: JVNDB-2021-014568 // VULHUB: VHN-398005

AFFECTED PRODUCTS

vendor:	fortinet	model:	forticlient	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	7.0.1	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	フォーティネット	model:	forticlient	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	forticlient	scope:	lte	version:	6.4.2 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	forticlient	scope:	lte	version:	7.0.1 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2021-014568 // NVD: CVE-2021-36183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36183
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-36183
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-36183
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202111-334
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398005
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-36183
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398005
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36183
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-36183
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.4
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36183
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398005 // JVNDB: JVNDB-2021-014568 // CNNVD: CNNVD-202111-334 // NVD: CVE-2021-36183 // NVD: CVE-2021-36183

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-398005 // JVNDB: JVNDB-2021-014568 // NVD: CVE-2021-36183

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-334

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-334

PATCH

title:	FG-IR-20-079	url:	https://www.fortiguard.com/psirt/FG-IR-20-079	Trust: 0.8
title:	Fortinet FortiClientWindows Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168765	Trust: 0.6

sources: JVNDB: JVNDB-2021-014568 // CNNVD: CNNVD-202111-334

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36183	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014568	Trust: 0.8
db:	CNNVD	id:	CNNVD-202111-334	Trust: 0.7
db:	VULHUB	id:	VHN-398005	Trust: 0.1

sources: VULHUB: VHN-398005 // JVNDB: JVNDB-2021-014568 // CNNVD: CNNVD-202111-334 // NVD: CVE-2021-36183

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-20-079	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36183	Trust: 1.4
url:	https://vigilance.fr/vulnerability/fortinet-forticlient-privilege-escalation-via-updates-named-pipe-36797	Trust: 0.6

sources: VULHUB: VHN-398005 // JVNDB: JVNDB-2021-014568 // CNNVD: CNNVD-202111-334 // NVD: CVE-2021-36183

SOURCES

db:	VULHUB	id:	VHN-398005
db:	JVNDB	id:	JVNDB-2021-014568
db:	CNNVD	id:	CNNVD-202111-334
db:	NVD	id:	CVE-2021-36183

LAST UPDATE DATE

2024-08-14T14:37:50.400000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398005	date:	2022-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-014568	date:	2022-10-20T07:52:00
db:	CNNVD	id:	CNNVD-202111-334	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2021-36183	date:	2022-05-03T16:04:40.443

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398005	date:	2021-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-014568	date:	2022-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202111-334	date:	2021-11-02T00:00:00
db:	NVD	id:	CVE-2021-36183	date:	2021-11-02T19:15:07.830