HIGH · 8.2

CVE-2021-41028

Vulnerability Description

A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below and 6.4.6 and below, and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below and 6.4.6 and below, may allow an unauthenticated, network-adjacent attacker to perform a man-in-the-middle attack between the EMS and the FortiClient endpoint (FCT) via the telemetry protocol.

CVSS Score

8.2

HIGH

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality: LOW
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor   | Product                                  | Versions
Fortinet | Forticlient                              | >= 6.0.0, <= 6.0.9
Fortinet | Forticlient Endpoint Management Server   | >= 6.2.0, <= 6.2.9

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-41028?

CVE-2021-41028 is a vulnerability with a CVSS score of 8.2 (HIGH). A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below and 6.4.6 and below, and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below and 6.4.6 and below, may allow an unauthenticated, network-adjacent attacker to perform a man-in-the-middle attack between the EMS and the FortiClient endpoint (FCT) via the telemetry protocol.

How severe is CVE-2021-41028?

CVE-2021-41028 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for the detailed severity breakdown.

Is there a patch for CVE-2021-41028?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Forticlient, Fortinet Forticlient Endpoint Management Server.