Symbolic Link Following (CWE-59) Vulnerability in FortiClient for Linux

Symbolic Link Following (CWE-59) Vulnerability in FortiClient for Linux

CVE-2021-44167 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.