Telemetry protocol is vulnerable to a MitM Vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-075 Final 1 1 2021-12-07T00:00:00 Current version 2021-12-07T00:00:00 2021-12-07T00:00:00 A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. None Improper access control FortiClientEMS version 7.0.1 and below.FortiClientEMS version 6.4.6 and below.FortiClientWindows version 7.0.1 and below.FortiClientWindows version 6.4.6 and below.FortiClientLinux version 7.0.1 and below.FortiClientLinux version 6.4.6 and below.FortiClientMac version 7.0.1 and below.FortiClientMac version 6.4.6 and below. Please ugrade to FortiClientEMS version 7.0.2 or above.Please ugrade to FortiClientEMS version 6.4.7 or above.Please upgrade to FortiClientWindows 7.0.2 or above.Please upgrade to FortiClientWindows 6.4.7 or above.Please upgrade to FortiClientLinux 7.0.2 or above.Please upgrade to FortiClientLinux 6.4.7 or above.Please upgrade to FortiClientMac 7.0.2 or above.Please upgrade to FortiClientMac 6.4.7 or above. Fortinet is pleased to thank Steven Shockley for reporting this vulnerability under responsible disclosure. CVE-2021-41028 8.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H/E:F/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-075 Telemetry protocol is vulnerable to a MitM Vulnerability Reference>