Description
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
E
Unchanged
RL
W
RC
Changed
Affected products
- fortinet / Fortinet FortiClientLinuxFortiClientLinux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below – FortiClientLinux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below
References
- VENDOR_ADVISORYhttps://fortiguard.com/psirt/FG-IR-21-232