FortiClient EMS - SAML SSO replay attack
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
Advisory ID: FG-IR-21-192
Final
1
1
2021-12-07T00:00:00
Current version
2021-12-07T00:00:00
2021-12-07T00:00:00
Summary: An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.
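As an added example (not Fortinet's code, and not a description of how FortiClient EMS itself fixed the issue), the service-provider-side checks that make a captured SAML assertion unusable a second time: the validity window, binding to an outstanding AuthnRequest, and a one-time-use cache of assertion IDs. The assertion text, request ID and clock values are constructed; XML signature verification is assumed to have passed before these checks run.

```python
# Added example, not Fortinet's code: SP-side checks that stop a captured
# SAML assertion from being reused. Assumes the XML signature was verified first.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLOCK_SKEW = timedelta(seconds=60)

def _ts(value):  # SAML timestamps: ISO 8601, UTC, trailing 'Z'
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, now, pending_requests, seen_ids):
    """Return (accepted, reason); consumes the request ID and records the assertion ID on success."""
    assertion = ET.fromstring(xml_text)
    assertion_id = assertion.get("ID")
    conditions = assertion.find("saml:Conditions", NS)
    confirm = assertion.find(".//saml:SubjectConfirmationData", NS)
    if assertion_id is None or conditions is None or confirm is None:
        return False, "missing ID, Conditions or SubjectConfirmationData"
    # 1. Validity window: a captured assertion is useless once NotOnOrAfter passes
    if now + CLOCK_SKEW < _ts(conditions.get("NotBefore")):
        return False, "assertion not yet valid"
    expiry = min(_ts(conditions.get("NotOnOrAfter")), _ts(confirm.get("NotOnOrAfter")))
    if now - CLOCK_SKEW >= expiry:
        return False, "assertion expired"
    # 2. Binding to our own AuthnRequest: each request ID is accepted once
    in_response_to = confirm.get("InResponseTo")
    if in_response_to not in pending_requests:
        return False, "InResponseTo does not match an outstanding AuthnRequest"
    # 3. One-time use: remember every assertion ID until it would expire anyway
    if assertion_id in seen_ids:
        return False, "replayed assertion ID"
    pending_requests.discard(in_response_to)
    seen_ids[assertion_id] = expiry
    return True, "accepted"

# Constructed sample assertion (unsigned; not captured from any real deployment)
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_a1" Version="2.0" IssueInstant="2021-12-07T10:00:00Z"><saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID><saml:SubjectConfirmation
    Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
    InResponseTo="_req1" NotOnOrAfter="2021-12-07T10:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2021-12-07T09:59:00Z" NotOnOrAfter="2021-12-07T10:05:00Z"/>
</saml:Assertion>"""

def demo():
    now = datetime(2021, 12, 7, 10, 1, tzinfo=timezone.utc)
    pending, seen = {"_req1"}, {}
    first = validate_assertion(SAMPLE_ASSERTION, now, pending, seen)
    replay = validate_assertion(SAMPLE_ASSERTION, now, {"_req1"}, seen)  # same assertion presented again
    late = validate_assertion(SAMPLE_ASSERTION, now + timedelta(minutes=10), {"_req1"}, {})
    return first, replay, late
```

The second presentation fails on the assertion-ID cache even though its signature and timestamps are still valid, which is the check a capture-replay attack relies on being absent.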
None
Impact: Escalation of privilege
Affected Products: FortiClientEMS version 7.0.1 and below. FortiClientEMS version 6.4.4 and below.
Solutions: Please upgrade to FortiClientEMS version 6.4.7 or above. Please upgrade to FortiClientEMS version 7.0.2 or above.
Acknowledgement: Internally discovered and reported by Fortinet
Affected versions: FortiClientEMS 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
CVE ID: CVE-2021-41030
CVSSv3 Score: 5
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
Reference: https://fortiguard.fortinet.com/psirt/FG-IR-21-192