ID

VAR-202112-0399


CVE

CVE-2021-43204


TITLE

FortiClientWindows  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015926

DESCRIPTION

A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions. FortiClientWindows Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-43204 // JVNDB: JVNDB-2021-015926 // VULHUB: VHN-404251

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:gteversion:5.4.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:gteversion:5.6.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.2.7

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:5.2.2

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:5.2.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:6.4.1

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.1.2

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:5.2.3

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.0.4

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.2.5

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:5.2.4

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:6.4.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.3.2

Trust: 1.0

vendor:fortinetmodel:forticlientscope:gteversion:6.2.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.1.3

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:6.2.9

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.2.1

Trust: 1.0

vendor:fortinetmodel:forticlientscope:gteversion:5.0.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.0.3

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.3.5

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.2.4

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:5.0.11

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.1.1

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:5.4.5

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.3.3

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.2.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:gteversion:6.0.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.0.1

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.3.1

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:5.2.5

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.1.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.2.2

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.3.4

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:5.6.6

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.0.2

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:6.0.10

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:5.2.6

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.2.3

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.3.0

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:5.2.1

Trust: 1.0

vendor:fortinetmodel:forticlientscope:eqversion:4.2.6

Trust: 1.0

vendor:フォーティネットmodel:forticlientscope:eqversion:6.4.0

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:lteversion:6.0.10 and earlier

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:eqversion:6.4.1

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:forticlientscope:lteversion:6.2.9 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-015926 // NVD: CVE-2021-43204

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43204
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-43204
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-43204
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202112-558
value: MEDIUM

Trust: 0.6

VULHUB: VHN-404251
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-43204
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-404251
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43204
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-015926
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-404251 // JVNDB: JVNDB-2021-015926 // CNNVD: CNNVD-202112-558 // NVD: CVE-2021-43204 // NVD: CVE-2021-43204

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-015926 // NVD: CVE-2021-43204

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-558

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-558

PATCH

title:FG-IR-21-167url:https://www.fortiguard.com/psirt/FG-IR-21-167

Trust: 0.8

title:Fortinet FortiClient Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173999

Trust: 0.6

sources: JVNDB: JVNDB-2021-015926 // CNNVD: CNNVD-202112-558

EXTERNAL IDS

db:NVDid:CVE-2021-43204

Trust: 3.3

db:JVNDBid:JVNDB-2021-015926

Trust: 0.8

db:CNNVDid:CNNVD-202112-558

Trust: 0.6

db:VULHUBid:VHN-404251

Trust: 0.1

sources: VULHUB: VHN-404251 // JVNDB: JVNDB-2021-015926 // CNNVD: CNNVD-202112-558 // NVD: CVE-2021-43204

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-167

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-43204

Trust: 0.8

url:https://vigilance.fr/vulnerability/forticlient-denial-of-service-via-folder-access-permission-change-37025

Trust: 0.6

sources: VULHUB: VHN-404251 // JVNDB: JVNDB-2021-015926 // CNNVD: CNNVD-202112-558 // NVD: CVE-2021-43204

SOURCES

db:VULHUBid:VHN-404251
db:JVNDBid:JVNDB-2021-015926
db:CNNVDid:CNNVD-202112-558
db:NVDid:CVE-2021-43204

LAST UPDATE DATE

2024-11-23T22:32:59.573000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-404251date:2021-12-10T00:00:00
db:JVNDBid:JVNDB-2021-015926date:2022-12-02T08:15:00
db:CNNVDid:CNNVD-202112-558date:2021-12-13T00:00:00
db:NVDid:CVE-2021-43204date:2024-11-21T06:28:50.483

SOURCES RELEASE DATE

db:VULHUBid:VHN-404251date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015926date:2022-12-02T00:00:00
db:CNNVDid:CNNVD-202112-558date:2021-12-07T00:00:00
db:NVDid:CVE-2021-43204date:2021-12-09T09:15:07.080