CVE-2021-22127: 
FortiClient vulnerability analysis and mitigation

CVE-2021-22127 is an improper input validation vulnerability affecting FortiClient for Linux versions 6.4.x before 6.4.3 and 6.2.x before 6.2.9. The vulnerability was discovered internally by Fortinet's Product Security team and was publicly disclosed on September 7, 2021. This security flaw affects the GUI component of FortiClient for Linux installations (FortiGuard PSIRT, CVE Mitre).

The vulnerability is classified as an OS command injection (CWE-78) with a CVSSv3 score of 6.7 (Medium severity). The flaw exists in the GUI component of FortiClient for Linux and allows for command injection through improper input validation. The vulnerability requires the attacker to have control over the access point the host is connected to, making it a network-adjacent attack vector (FortiGuard PSIRT).

If successfully exploited, this vulnerability allows an unauthenticated, network-adjacent attacker to execute privileged and arbitrary commands on the Linux system where FortiClient is running. The commands would be executed with root privileges, potentially giving the attacker complete control over the affected system (FortiGuard PSIRT).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to FortiClient for Linux version 6.2.9 or above for the 6.2.x branch, or version 6.4.3 or above for the 6.4.x branch (FortiGuard PSIRT).