CVE-2021-44172

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.

Published: Sep 13, 2023
Updated: Sep 20, 2023
CVE: CVE-2021-44172
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
fortinet / forticlient_endpoint_management_server	6.2.0	6.2.9.x
fortinet / forticlient_endpoint_management_server	7.0.6	7.0.7.x
fortinet / forticlient_endpoint_management_server	7.0.0	7.0.4.x
fortinet / forticlient_endpoint_management_server	6.4.0	6.4.9.x

https://fortiguard.com/psirt/FG-IR-21-244

Vulnerability Database

289,697

CVE-2021-44172