CVE-2021-22127: OS Command Injection
First published: Wed Apr 06 2022(Updated: )
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Forticlient | <6.2.9 | |
| Fortinet Forticlient | >=6.4.0<6.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this FortiClient vulnerability?
The vulnerability ID is CVE-2021-22127.
What is the severity level of CVE-2021-22127?
The severity level of CVE-2021-22127 is high.
How does CVE-2021-22127 affect FortiClient for Linux?
CVE-2021-22127 affects FortiClient for Linux versions 6.4.x before 6.4.3 and 6.2.x before 6.2.9.
What is the impact of CVE-2021-22127?
CVE-2021-22127 allows an unauthenticated attacker to execute arbitrary code on the host operating system as root by tricking the user into connecting to a network with a malicious na.
Is there a fix available for CVE-2021-22127?
Yes, a fix is available. Users should update FortiClient for Linux to version 6.4.3 or later.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet forticlient
- version/fortinet forticlient/6.4.0