Lucene search
FortinetCVELIST:CVE-2021-24017HistorySep 30, 2021 - 3:21 p.m.
CVE-2021-24017
2021-09-3015:21:03
fortinet
www.cve.org
4
fortinet fortimanager
improper authentication
arbitrary policy
crafted requests
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:H
AI Score
6
Confidence
High
EPSS
0.001
Percentile
22.7%
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
CNA Affected
[
{
"product": "Fortinet FortiManager",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiManager 6.4.3, 6.2.6"
}
]
}
]References
Related
cve
cve
CVE-2021-24017
2021-09-30 16:15:07
prion
prion
Authentication flaw
2021-09-30 16:15:00
cnvd
cnvd
Fortinet FortiManager Licensing Issue Vulnerability
2021-09-09 00:00:00
fortinet
fortinet
FortiManager - Access Control missing in P&O module assignment vulnerability
2021-09-07 00:00:00
nvd
nvd
CVE-2021-24017
2021-09-30 16:15:07
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:H
AI Score
6
Confidence
High
EPSS
0.001
Percentile
22.7%
Related for CVELIST:CVE-2021-24017