CVE-2021-36183 HIGH

Vendor: Fortinet
Product: Fortinet FortiClientWindows
Published: November 2, 2021
Last update: October 25, 2024

CVSS base score

7.4/10
Attack vector: Local
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X

What the vulnerability does

01 Description

An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiClient updates.

Key dates

02 Disclosure timeline

November 2, 2021 CVE published
October 25, 2024 Record updated