An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/advisory/FG-IR-21-088 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Dec 2021, 16:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) https://fortiguard.com/advisory/FG-IR-21-088 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 7.8 |
| CPE | cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:windows:*:* cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:* |
|
| CWE | CWE-427 |
01 Dec 2021, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-12-01 12:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-32592
Mitre link : CVE-2021-32592
CVE.ORG link : CVE-2021-32592
JSON object : View
Products Affected
fortinet
- forticlient_enterprise_management_server
- forticlient
CWE
CWE-427
Uncontrolled Search Path Element