CVE-2021-36167
Description
An improper authorization vulnerability [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.13
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-32592,CVE-2021-36167,CVE-2021-41031 are affected in Forticlient (x64) 6.4.6 | Windows |
| Vulnerabilities CVE-2021-32592,CVE-2021-36167,CVE-2021-41031 are affected in Forticlient 6.4.6 | Windows |
| Vulnerabilities CVE-2019-16150,CVE-2020-15934,CVE-2021-36167 are affected in Forticlient (x64) 6.2.7 | Windows |
| Vulnerabilities CVE-2019-16150,CVE-2020-15934,CVE-2021-36167 are affected in Forticlient 6.2.7 | Windows |
| Vulnerabilities CVE-2021-32592,CVE-2021-36167,CVE-2021-41028,CVE-2021-41031 are affected in Forticlient (x64) 6.4.6 | Windows |
| Vulnerabilities CVE-2021-32592,CVE-2021-36167,CVE-2021-41028 are affected in Forticlient (x64) 7.0.0 | Windows |
| Vulnerabilities CVE-2021-32592,CVE-2021-36167,CVE-2021-41028,CVE-2021-41031 are affected in Forticlient 6.4.6 | Windows |
| Vulnerabilities CVE-2021-32592,CVE-2021-36167,CVE-2021-41028 are affected in Forticlient 7.0.0 | Windows |
| CVE-2021-36167 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234