From f7420473cdbc2ef0784f367a0576f599dd1a682d Mon Sep 17 00:00:00 2001
From: Fortinet PSIRT Team
Date: Wed, 11 May 2022 17:36:17 +0200
Subject: [PATCH] Commit CVE-2021-43066
---
 2021/43xxx/CVE-2021-43066.json | 66 ++++++++++++++++++++++++++++++++--
 1 file changed, 63 insertions(+), 3 deletions(-)
diff --git a/2021/43xxx/CVE-2021-43066.json b/2021/43xxx/CVE-2021-43066.json
index 05e727d8f74..98071f0c2ed 100644
--- a/2021/43xxx/CVE-2021-43066.json
+++ b/2021/43xxx/CVE-2021-43066.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-43066",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiClientWindows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiClientWindows 7.0.2 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Local",
+ "availabilityImpact": "High",
+ "baseScore": 8.4,
+ "baseSeverity": "High",
+ "confidentialityImpact": "None",
+ "integrityImpact": "High",
+ "privilegesRequired": "Low",
+ "scope": "Changed",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:H/RL:U/RC:C",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-21-154",
+ "url": "https://fortiguard.com/advisory/FG-IR-21-154"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer."
 }
 ]
 }
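Review bot: The `version_value` added under `version_data` packs the product name and every affected release into one free-text string, and the separator between `7.0.2` and `7.0.1` is missing, so scanners and inventory tooling that compare an installed version against this field are unlikely to match any of them. One `version_data` entry per affected branch with an explicit comparator would be machine-readable, e.g. `{ "version_affected": "<=", "version_value": "7.0.2" }`, repeated for 6.4.6, 6.2.9 and 6.0.10 as the description lists them. The `problemtype` value `Escalation of privilege` names the impact rather than the weakness; the description's "external control of file name or path" reads like CWE-73, which would be worth stating there if the advisory confirms it. The new description text also opens with "A external", which should read "An external".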