Lucene search

FortinetCVELIST:CVE-2021-32587

HistoryAug 06, 2021 - 10:51 a.m.

CVE-2021-32587

2021-08-0610:51:07

fortinet

www.cve.org

fortimanager

fortianalyzer

access control

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.

CNA Affected

[
  {
    "product": "Fortinet FortiAnalyzer, FortiManager",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiAnalyzer 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11and below, 5.6.11and below; FortiManager 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11and below, 5.6.11and below"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-059

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2021-32587