[FortiClient] command injection in FTC for Linux Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-241 Final 1 1 2021-09-07T00:00:00 Current version 2021-09-07T00:00:00 2021-09-07T00:00:00 An OS command injection (CWE-78) vulnerability in FortiClient for Linux may allow an unauthenticated, network-adjacent attacker to execute privileged and arbitrary commands on the Linux appliance on which FortiClient is running by tricking the user into connecting to a network with a malicious name (SSID).A successful attack requires that the attacker has control over the access point the host is connected to. Execute unauthorized code or commands FortiClient for Linux versions 6.2.8 and below.FortiClient for Linux versions 6.4.2 and below. Please upgrade to FortiClient for Linux version 6.2.9 or above.Please upgrade to FortiClient for Linux version 6.4.3 or above. Internally discovered and reported by visage of Fortinet Product Security team CVE-2021-22127 6.7 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-241 [FortiClient] command injection in FTC for Linux Reference>