Vulnerability in Fortinet Forticlient

CVE-2021-44169

A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious execu…

Vulnerability class: Dirty Pipe (CVE-2022-0847)

EPSS: 0.004 (29.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

  • Fortinet Forticlient
  • Fortinet Forticlientwindows — versions FortiClientWindows 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2021-44169?
CVE-2021-44169 is a high-severity vulnerability in Fortinet Forticlient, classified under Improper Initialization. CVSS score: 8.2/10. Published 2022-04-06.
How severe is CVE-2021-44169?
High severity. CVSS v3 base score is 8.2 out of 10.