admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-441xx/CVE-2021-44167.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

147 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-44167",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2022-05-11T15:15:08.657",
"lastModified": "2022-05-19T02:47:23.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links."
},
{
"lang": "es",
"value": "Una asignaci\u00f3n incorrecta de permisos para la vulnerabilidad de recursos cr\u00edticos [CWE-732] en FortiClient para Linux versi\u00f3n 6.0.8 y anteriores, 6.2.9 y anteriores, 6.4.7 y anteriores, 7.0.2 y anteriores, puede permitir a un atacante no autenticado acceder a informaci\u00f3n confidencial en archivos de registro y directorios por medio de enlaces simb\u00f3licos"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.8",
"matchCriteriaId": "5013B473-D48E-407D-9DD8-D34217D56593"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.9",
"matchCriteriaId": "2F0755CA-2961-4F74-8044-761178AB0312"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.7",
"matchCriteriaId": "8272E788-A792-4DF6-849F-B96E9728436F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.2",
"matchCriteriaId": "C2BA9490-8A6D-4D13-9C19-D31714F8F2F1"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-21-232",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink