Details of VAR-202204-1107

ID

VAR-202204-1107

CVE

CVE-2021-43205

TITLE

Linux for FortiClient Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009334

DESCRIPTION

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries. Linux for FortiClient There is a vulnerability related to information leakage.Information may be obtained. Fortinet FortiClient is a structural agent of Fortinet Corporation in the United States. Used to provide protection, compliance and secure access in a single modular lightweight client

Trust: 1.8

sources: NVD: CVE-2021-43205 // JVNDB: JVNDB-2022-009334 // VULHUB: VHN-404252 // VULMON: CVE-2021-43205

AFFECTED PRODUCTS

vendor:	fortinet	model:	forticlient	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	7.0.2	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.2.4	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.4.4	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.2.9	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	eq	version:	6.4.7	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	gte	version:	6.2.6	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	フォーティネット	model:	forticlient	scope:	lte	version:	6.2.9 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	forticlient	scope:	lte	version:	6.4.7 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	forticlient	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	forticlient	scope:	lte	version:	7.0.2 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2022-009334 // NVD: CVE-2021-43205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-43205
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-43205
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-43205
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202204-2439
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-404252
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-43205
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-43205
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-404252
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-43205
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-43205
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-43205
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-404252 // VULMON: CVE-2021-43205 // JVNDB: JVNDB-2022-009334 // CNNVD: CNNVD-202204-2439 // NVD: CVE-2021-43205 // NVD: CVE-2021-43205

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-404252 // JVNDB: JVNDB-2022-009334 // NVD: CVE-2021-43205

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2439

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202204-2439

PATCH

title:	FG-IR-21-226	url:	https://www.fortiguard.com/psirt/FG-IR-21-226	Trust: 0.8
title:	Fortinet FortiClient Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189252	Trust: 0.6

sources: JVNDB: JVNDB-2022-009334 // CNNVD: CNNVD-202204-2439

EXTERNAL IDS

db:	NVD	id:	CVE-2021-43205	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009334	Trust: 0.8
db:	CS-HELP	id:	SB2022040712	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1515	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-2439	Trust: 0.6
db:	CNVD	id:	CNVD-2022-47979	Trust: 0.1
db:	VULHUB	id:	VHN-404252	Trust: 0.1
db:	VULMON	id:	CVE-2021-43205	Trust: 0.1

sources: VULHUB: VHN-404252 // VULMON: CVE-2021-43205 // JVNDB: JVNDB-2022-009334 // CNNVD: CNNVD-202204-2439 // NVD: CVE-2021-43205

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-226	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43205	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022040712	Trust: 0.6
url:	https://vigilance.fr/vulnerability/forticlient-for-linux-information-disclosure-via-confighandler-webserver-37977	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1515	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-43205/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-404252 // VULMON: CVE-2021-43205 // JVNDB: JVNDB-2022-009334 // CNNVD: CNNVD-202204-2439 // NVD: CVE-2021-43205

SOURCES

db:	VULHUB	id:	VHN-404252
db:	VULMON	id:	CVE-2021-43205
db:	JVNDB	id:	JVNDB-2022-009334
db:	CNNVD	id:	CNNVD-202204-2439
db:	NVD	id:	CVE-2021-43205

LAST UPDATE DATE

2024-11-23T22:40:30.033000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-404252	date:	2022-04-13T00:00:00
db:	VULMON	id:	CVE-2021-43205	date:	2022-04-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009334	date:	2023-08-04T04:44:00
db:	CNNVD	id:	CNNVD-202204-2439	date:	2022-04-14T00:00:00
db:	NVD	id:	CVE-2021-43205	date:	2024-11-21T06:28:50.620

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-404252	date:	2022-04-06T00:00:00
db:	VULMON	id:	CVE-2021-43205	date:	2022-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-009334	date:	2023-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202204-2439	date:	2022-04-06T00:00:00
db:	NVD	id:	CVE-2021-43205	date:	2022-04-06T10:15:08.037