CVE-2021-22127 HIGH

Vendor Fortinet
Product Fortinet FortiClientLinux
Published April 6, 2022
Last update October 25, 2024

CVSS base score

7.1/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X

What the vulnerability does

01 Description

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3 and FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root by tricking the user into connecting to a network with a malicious name.

Key dates

02 Disclosure timeline

April 6, 2022 CVE published
October 25, 2024 Record updated