CVE-2021-44172 LOW

CVE-2021-44172

Vendor Fortinet
Product FortiClientEMS
Weakness CWE-200 · Info exposure
Published September 13, 2023
Last update September 24, 2024

CVSS base score

3.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:U

What the vulnerability does

01Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.

Key dates

02Disclosure timeline

September 13, 2023 CVE published
September 24, 2024 Record updated