CVE-2021-43066

HIGH

Fortinet Forticlient < 6.4.7 - Exposure to Wrong Actor

Title source: rule

Description

A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.

References (1)

[Vendor Advisory] https://fortiguard.com/advisory/FG-IR-21-154

Scores

CVSS v3 8.4

EPSS 0.0006

EPSS Percentile 17.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (1)

fortinet/forticlient < 6.4.7

Timeline

Published May 11, 2022

Tracked Since Feb 18, 2026