Description
A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-21-167
Scores
CVSS v3
4.4
EPSS
0.0004
EPSS Percentile
14.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (32)
fortinet/forticlient
4.0.1
fortinet/forticlient
4.0.2
fortinet/forticlient
4.0.3
fortinet/forticlient
4.0.4
fortinet/forticlient
4.1.0
fortinet/forticlient
4.1.1
fortinet/forticlient
4.1.2
fortinet/forticlient
4.1.3
fortinet/forticlient
4.2.0
fortinet/forticlient
4.2.1
... and 22 more
Published
Dec 09, 2021
Tracked Since
Feb 18, 2026