CVE-2021-32592

HIGH

FortiClientWindows/EMS DLL Hijack via OpenSSL Engine Library

Title source: llm
STIX 2.1

Description

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-21-088

Scores

CVSS v3 7.8
EPSS 0.0005
EPSS Percentile 16.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-427
Status published
Products (4)
fortinet/forticlient 7.0.0
fortinet/forticlient 6.0.0 - 6.0.9
fortinet/forticlient_enterprise_management_server 7.0.0
fortinet/forticlient_enterprise_management_server 6.0.0 - 6.0.6
Published Dec 01, 2021
Tracked Since Feb 18, 2026