fortinet forticlientems CVE-2021-41028 vulnerability in Fortinet Products
Published on December 16, 2021

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
HIGH
Availability Impact:
HIGH

Products Associated with CVE-2021-41028

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-41028 are published in these products:

Fortinet Forticlientems
 
Fortinet Forticlientlinux
 
Fortinet Forticlientmac
 
Fortinet Forticlientwindows
 
Fortinet FortiClient
 
Fortinet Forticlient Endpoint Management Server
 

Affected Versions

Fortinet FortiClientEMS, FortiClientWindows, FortiClientLinux, FortiClientMac Version FortiClientEMS 7.0.1 and below, 6.4.6 and below, FortiClientWindows, FortiClientLinux, FortiClientMac 7.0.1 and below, 6.4.6 and below. is affected by CVE-2021-41028

Exploit Probability

EPSS
0.14%
Percentile
33.53%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.