{"containers":{"cna":{"affected":[{"product":"Fortinet FortiClientLinux","vendor":"Fortinet","versions":[{"status":"affected","version":"FortiClientLinux 6.4.2 and below, FortiClientLinux 6.2.8 and below"}]}],"descriptions":[{"lang":"en","value":"An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","exploitCodeMaturity":"PROOF_OF_CONCEPT","integrityImpact":"HIGH","privilegesRequired":"NONE","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","scope":"UNCHANGED","temporalScore":6.7,"temporalSeverity":"MEDIUM","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"Execute unauthorized code or commands","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-04-06T16:00:33.000Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://fortiguard.com/advisory/FG-IR-20-241"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@fortinet.com","ID":"CVE-2021-22127","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Fortinet FortiClientLinux","version":{"version_data":[{"version_value":"FortiClientLinux 6.4.2 and below, FortiClientLinux 6.2.8 and below"}]}}]},"vendor_name":"Fortinet"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name."}]},"impact":{"cvss":{"attackComplexity":"High","attackVector":"Adjacent","availabilityImpact":"High","baseScore":6.7,"baseSeverity":"Medium","confidentialityImpact":"High","integrityImpact":"High","privilegesRequired":"None","scope":"Unchanged","userInteraction":"Required","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Execute unauthorized code or commands"}]}]},"references":{"reference_data":[{"name":"https://fortiguard.com/advisory/FG-IR-20-241","refsource":"CONFIRM","url":"https://fortiguard.com/advisory/FG-IR-20-241"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T18:30:23.950Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://fortiguard.com/advisory/FG-IR-20-241"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:12:41.143992Z","id":"CVE-2021-22127","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-25T13:32:52.692Z"}}]},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2021-22127","datePublished":"2022-04-06T16:00:33.000Z","dateReserved":"2021-01-04T00:00:00.000Z","dateUpdated":"2024-10-25T13:32:52.692Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}