PSIRT Advisories
FortiClientWindows & FortiClient EMS - Privilege escalation via DLL Hijacking
Summary
An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL hijacking attack on affected devices via a malicious OpenSSL engine library in the search path.
Affected Products
FortiClient 7.0.0
FortiClient 6.4.6 and below
FortiClient 6.2 all versions
FortiClient 6.0 all versions
FortiClient EMS 7.0.0
FortiClient EMS 6.4.6 and below
FortiClient EMS 6.2 all versions
FortiClient EMS 6.0 all versions
Solutions
Please upgrade to FortiClient 7.0.1 or above.
Please upgrade to FortiClient 6.4.7 or above.
Please upgrade to FortiClient EMS 7.0.1 or above.
Please upgrade to FortiClient EMS 6.4.7 or above.