CVE-2021-36167 - Vulnerability Details - OpenCVE

An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Forticlient

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:forticlient::::::windows::*
	cpe:2.3:a:fortinet:forticlient:6.2.7:::::windows::
	cpe:2.3:a:fortinet:forticlient:7.0.0:::::windows::

No data.

References

Link	Providers
https://fortiguard.com/advisory/FG-IR-20-127

History

Fri, 25 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2021-12-09T09:33:17

Updated: 2024-10-25T13:37:00.435Z

Reserved: 2021-07-06T00:00:00

Link: CVE-2021-36167

Vulnrichment

Updated: 2024-08-04T00:47:43.991Z

NVD

Status : Modified

Published: 2021-12-09T10:15:11.433

Modified: 2024-11-21T06:13:14.537

Link: CVE-2021-36167

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fortinet FortiClientWindows", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "FortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 4.1, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:P/RL:X/RC:X", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Improper access control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-09T09:33:17", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-20-127"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-36167", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiClientWindows", "version": {"version_data": [{"version_value": "FortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "Low", "baseScore": 4.1, "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Changed", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:P/RL:X/RC:X", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper access control"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/advisory/FG-IR-20-127", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-20-127"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:47:43.991Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-20-127"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T13:57:28.360964Z", "id": "CVE-2021-36167", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T13:37:00.435Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-36167", "datePublished": "2021-12-09T09:33:17", "dateReserved": "2021-07-06T00:00:00", "dateUpdated": "2024-10-25T13:37:00.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-20-127", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:47:43.991Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-36167", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T13:57:28.360964Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T13:58:27.510Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:P/RL:X/RC:X", "temporalScore": 4.1, "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "MEDIUM", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "Fortinet FortiClientWindows", "versions": [{"status": "affected", "version": "FortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"}]}], "references": [{"url": "https://fortiguard.com/advisory/FG-IR-20-127", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2021-12-09T09:33:17"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "Changed", "version": "3.1", "baseScore": 4.1, "attackVector": "Local", "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:P/RL:X/RC:X", "integrityImpact": "None", "userInteraction": "None", "attackComplexity": "Low", "availabilityImpact": "Low", "privilegesRequired": "None", "confidentialityImpact": "None"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiClientWindows 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"}]}, "product_name": "Fortinet FortiClientWindows"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/advisory/FG-IR-20-127", "name": "https://fortiguard.com/advisory/FG-IR-20-127", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper access control"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-36167", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2021-36167", "state": "PUBLISHED", "dateUpdated": "2024-10-25T13:37:00.435Z", "dateReserved": "2021-07-06T00:00:00", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2021-12-09T09:33:17", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6001805D-D4FB-4071-AD9C-18B1016FA07A", "versionEndIncluding": "6.4.6", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:forticlient:6.2.7:*:*:*:*:windows:*:*", "matchCriteriaId": "95838427-5BED-4478-BD19-19A05512D84A", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:forticlient:7.0.0:*:*:*:*:windows:*:*", "matchCriteriaId": "43B7F057-9D03-4687-8B04-FDE3A94C3EA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater."}, {"lang": "es", "value": "Una vulnerabilidad de autorizaci\u00f3n inapropiada [CWE-285] en FortiClient Windows versiones 7.0.0 y 6.4.6 y anteriores y 6.2.8 y anteriores, puede permitir a un atacante no autenticado omitir el control del filtro web por medio de la modificaci\u00f3n del par\u00e1metro session-id"}], "id": "CVE-2021-36167", "lastModified": "2024-11-21T06:13:14.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-09T10:15:11.433", "references": [{"source": "psirt@fortinet.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-20-127"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-20-127"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}