| ID |
CVE-2021-41028
|
| Sažetak |
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. |
| Reference |
|
| CVSS |
| Base: | 5.4 |
| Impact: | 6.4 |
| Exploitability: | 5.5 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| ADJACENT_NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| CVSS vektor |
AV:A/AC:M/Au:N/C:P/I:P/A:P |
| Zadnje važnije ažuriranje |
04-01-2022 - 15:29 |
| Objavljeno |
16-12-2021 - 19:15 |
