Details of VAR-202204-1108

ID

VAR-202204-1108

CVE

CVE-2021-44167

TITLE

Linux for FortiClient Vulnerability in improper permission assignment for critical resources in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011201

DESCRIPTION

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. Linux for FortiClient Contains a vulnerability in improper permission assignment for critical resources.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2021-44167 // JVNDB: JVNDB-2022-011201 // VULHUB: VHN-406774 // VULMON: CVE-2021-44167

AFFECTED PRODUCTS

vendor:	fortinet	model:	forticlient	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.2.9	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.4.7	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	7.0.2	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	lte	version:	6.0.8	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	forticlient	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	フォーティネット	model:	forticlient	scope:	lte	version:	6.2.9 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	forticlient	scope:	lte	version:	6.0.8 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	forticlient	scope:	lte	version:	6.4.7 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	forticlient	scope:	lte	version:	7.0.2 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	forticlient	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011201 // NVD: CVE-2021-44167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-44167
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-44167
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-44167
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202204-2535
value:	HIGH
Trust: 0.6
VULHUB:	VHN-406774
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-44167
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-44167
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-406774
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-44167
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-44167
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-44167
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-406774 // VULMON: CVE-2021-44167 // JVNDB: JVNDB-2022-011201 // CNNVD: CNNVD-202204-2535 // NVD: CVE-2021-44167 // NVD: CVE-2021-44167

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-406774 // JVNDB: JVNDB-2022-011201 // NVD: CVE-2021-44167

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2535

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2535

PATCH

title:	FG-IR-21-232	url:	https://www.fortiguard.com/psirt/FG-IR-21-232	Trust: 0.8
title:	Fortinet FortiClient Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193529	Trust: 0.6

sources: JVNDB: JVNDB-2022-011201 // CNNVD: CNNVD-202204-2535

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44167	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-011201	Trust: 0.8
db:	CS-HELP	id:	SB2022040712	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1516	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-2535	Trust: 0.6
db:	VULHUB	id:	VHN-406774	Trust: 0.1
db:	VULMON	id:	CVE-2021-44167	Trust: 0.1

sources: VULHUB: VHN-406774 // VULMON: CVE-2021-44167 // JVNDB: JVNDB-2022-011201 // CNNVD: CNNVD-202204-2535 // NVD: CVE-2021-44167

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-232	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44167	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022040712	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-44167/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/forticlient-for-linux-information-disclosure-via-symbolic-links-37978	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1516	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/732.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-406774 // VULMON: CVE-2021-44167 // JVNDB: JVNDB-2022-011201 // CNNVD: CNNVD-202204-2535 // NVD: CVE-2021-44167

SOURCES

db:	VULHUB	id:	VHN-406774
db:	VULMON	id:	CVE-2021-44167
db:	JVNDB	id:	JVNDB-2022-011201
db:	CNNVD	id:	CNNVD-202204-2535
db:	NVD	id:	CVE-2021-44167

LAST UPDATE DATE

2024-11-23T22:40:30.062000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-406774	date:	2022-05-19T00:00:00
db:	VULMON	id:	CVE-2021-44167	date:	2022-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2022-011201	date:	2023-08-21T04:39:00
db:	CNNVD	id:	CNNVD-202204-2535	date:	2022-05-20T00:00:00
db:	NVD	id:	CVE-2021-44167	date:	2024-11-21T06:30:29.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-406774	date:	2022-05-11T00:00:00
db:	VULMON	id:	CVE-2021-44167	date:	2022-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-011201	date:	2023-08-21T00:00:00
db:	CNNVD	id:	CNNVD-202204-2535	date:	2022-04-05T00:00:00
db:	NVD	id:	CVE-2021-44167	date:	2022-05-11T15:15:08.657