Lucene search

[email protected]CVE-2021-41021

HistoryDec 08, 2021 - 6:15 p.m.

CVE-2021-41021

2021-12-0818:15:18

[email protected]

web.nvd.nist.gov

cve-2021-41021

fortinac

privilege escalation

vulnerability

admin user

root

sudo command

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RC:C

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.4%

JSON

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.

Affected configurations

NVD

Node

fortinetfortinacMatch8.8.0

fortinetfortinacMatch8.8.1

fortinetfortinacMatch8.8.2

fortinetfortinacMatch8.8.3

fortinetfortinacMatch8.8.4

fortinetfortinacMatch8.8.5

fortinetfortinacMatch8.8.6

fortinetfortinacMatch8.8.7

fortinetfortinacMatch8.8.8

fortinetfortinacMatch9.1.0

fortinetfortinacMatch9.1.1

fortinetfortinacMatch9.1.2

CPENameOperatorVersion
fortinet:fortinacfortinet fortinaceq8.8.0
fortinet:fortinacfortinet fortinaceq8.8.1
fortinet:fortinacfortinet fortinaceq8.8.2
fortinet:fortinacfortinet fortinaceq8.8.3
fortinet:fortinacfortinet fortinaceq8.8.4
fortinet:fortinacfortinet fortinaceq8.8.5
fortinet:fortinacfortinet fortinaceq8.8.6
fortinet:fortinacfortinet fortinaceq8.8.7
fortinet:fortinacfortinet fortinaceq8.8.8
fortinet:fortinacfortinet fortinaceq9.1.0

CPE	Name	Operator	Version
fortinet:fortinac	fortinet fortinac	eq	8.8.0
fortinet:fortinac	fortinet fortinac	eq	8.8.1
fortinet:fortinac	fortinet fortinac	eq	8.8.2
fortinet:fortinac	fortinet fortinac	eq	8.8.3
fortinet:fortinac	fortinet fortinac	eq	8.8.4
fortinet:fortinac	fortinet fortinac	eq	8.8.5
fortinet:fortinac	fortinet fortinac	eq	8.8.6
fortinet:fortinac	fortinet fortinac	eq	8.8.7
fortinet:fortinac	fortinet fortinac	eq	8.8.8
fortinet:fortinac	fortinet fortinac	eq	9.1.0

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Fortinet FortiNAC",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-182

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RC:C

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.4%

JSON

Related for CVE-2021-41021

cnvd1 prion1 fortinet1 cvelist1 nvd1