Lucene search

[email protected]CVE-2021-42758

HistoryDec 08, 2021 - 11:15 a.m.

CVE-2021-42758

2021-12-0811:15:11

CWE-863

[email protected]

web.nvd.nist.gov

cve-2021-42758

nvd

fortiwlc

access control

cwe-284

vulnerability

security

bypassing gui restrictions

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

Affected configurations

NVD

Node

fortinetfortiwlcRange8.2.4–8.2.7

fortinetfortiwlcRange8.3.0–8.3.3

fortinetfortiwlcRange8.5.0–8.5.5

fortinetfortiwlcMatch8.0.5

fortinetfortiwlcMatch8.0.6

fortinetfortiwlcMatch8.1.2

fortinetfortiwlcMatch8.1.3

fortinetfortiwlcMatch8.4.0

fortinetfortiwlcMatch8.4.1

fortinetfortiwlcMatch8.4.2

fortinetfortiwlcMatch8.4.4

fortinetfortiwlcMatch8.4.5

fortinetfortiwlcMatch8.4.6

fortinetfortiwlcMatch8.4.7

fortinetfortiwlcMatch8.4.8

fortinetfortiwlcMatch8.6.0

fortinetfortiwlcMatch8.6.1

CPENameOperatorVersion
fortinet:fortiwlcfortinet fortiwlcle8.2.7
fortinet:fortiwlcfortinet fortiwlcle8.3.3
fortinet:fortiwlcfortinet fortiwlcle8.5.5
fortinet:fortiwlcfortinet fortiwlceq8.0.5
fortinet:fortiwlcfortinet fortiwlceq8.0.6
fortinet:fortiwlcfortinet fortiwlceq8.1.2
fortinet:fortiwlcfortinet fortiwlceq8.1.3
fortinet:fortiwlcfortinet fortiwlceq8.4.0
fortinet:fortiwlcfortinet fortiwlceq8.4.1
fortinet:fortiwlcfortinet fortiwlceq8.4.2

CPE	Name	Operator	Version
fortinet:fortiwlc	fortinet fortiwlc	le	8.2.7
fortinet:fortiwlc	fortinet fortiwlc	le	8.3.3
fortinet:fortiwlc	fortinet fortiwlc	le	8.5.5
fortinet:fortiwlc	fortinet fortiwlc	eq	8.0.5
fortinet:fortiwlc	fortinet fortiwlc	eq	8.0.6
fortinet:fortiwlc	fortinet fortiwlc	eq	8.1.2
fortinet:fortiwlc	fortinet fortiwlc	eq	8.1.3
fortinet:fortiwlc	fortinet fortiwlc	eq	8.4.0
fortinet:fortiwlc	fortinet fortiwlc	eq	8.4.1
fortinet:fortiwlc	fortinet fortiwlc	eq	8.4.2

Rows per page:

1-10 of 171

CNA Affected

[
  {
    "product": "Fortinet FortiWLC",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiWLC 8.6.1 and below"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-200

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for CVE-2021-42758

fortinet1 cvelist1 nvd1 prion1