CVE-2021-43204

EUVD-2021-30148
A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
fortinetCNA
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
fortinetforticlient
5.0.0 ≤
𝑥
≤ 5.0.11
fortinetforticlient
5.4.0 ≤
𝑥
≤ 5.4.5
fortinetforticlient
5.6.0 ≤
𝑥
≤ 5.6.6
fortinetforticlient
6.0.0 ≤
𝑥
≤ 6.0.10
fortinetforticlient
6.2.0 ≤
𝑥
≤ 6.2.9
fortinetforticlient
4.0.1
fortinetforticlient
4.0.2
fortinetforticlient
4.0.3
fortinetforticlient
4.0.4
fortinetforticlient
4.1.0
fortinetforticlient
4.1.1
fortinetforticlient
4.1.2
fortinetforticlient
4.1.3
fortinetforticlient
4.2.0
fortinetforticlient
4.2.1
fortinetforticlient
4.2.2
fortinetforticlient
4.2.3
fortinetforticlient
4.2.4
fortinetforticlient
4.2.5
fortinetforticlient
4.2.6
fortinetforticlient
4.2.7
fortinetforticlient
4.3.0
fortinetforticlient
4.3.1
fortinetforticlient
4.3.2
fortinetforticlient
4.3.3
fortinetforticlient
4.3.4
fortinetforticlient
4.3.5
fortinetforticlient
5.2.0
fortinetforticlient
5.2.1
fortinetforticlient
5.2.2
fortinetforticlient
5.2.3
fortinetforticlient
5.2.4
fortinetforticlient
5.2.5
fortinetforticlient
5.2.6
fortinetforticlient
6.4.0
fortinetforticlient
6.4.1
𝑥
= Vulnerable software versions
References
https://fortiguard.com/advisory/FG-IR-21-167
https://fortiguard.com/advisory/FG-IR-21-167