CVE-2021-32592

CVE Database · CVE-2021-32592

CVE-2021-32592

· HIGHModified

CVSS v3.1

7.8

EPSS

0.24%

Published

Dec 1, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-427

Affected Products (8)

fortinet · forticlientvulnerable

fortinet · forticlient (up to 6.4.7)vulnerable

fortinet · forticlientvulnerable

fortinet · forticlient_enterprise_management_servervulnerable

fortinet · forticlient_enterprise_management_server (up to 6.4.7)vulnerable

fortinet · forticlient_enterprise_management_servervulnerable

References (2)

https://fortiguard.com/advisory/FG-IR-21-088

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-21-088

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs