CVE-2021-32592

Published Dec 1, 2021

Last updated 3 years ago

CVSS high 7.8

Overview

Description: An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.
Source: psirt@fortinet.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-427

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BF4B4CA-81E0-42EA-9EA4-66A4414345C9",
            "versionEndIncluding": "6.0.9",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5601CD7-A7CE-4FC5-A635-B20B415DC8C4",
            "versionEndIncluding": "6.2.9",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "498A1406-3D4F-4935-82E3-7BE699136DBC",
            "versionEndExcluding": "6.4.7",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43B7F057-9D03-4687-8B04-FDE3A94C3EA3"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "239E4215-D6D7-48D4-A3AF-5981C949A700",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C331B17-F3B4-42C1-8050-F35414C5686C",
            "versionEndIncluding": "6.2.9",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7015BBF-7E52-410C-9158-BC08C4AD9CA7",
            "versionEndExcluding": "6.4.7",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C448C03-C45D-4348-BE21-352FFCA4DEFD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References