Lucene search

FortinetCVELIST:CVE-2021-32600

HistoryNov 17, 2021 - 11:36 a.m.

CVE-2021-32600

2021-11-1711:36:23

fortinet

www.cve.org

cve-2021-32600

fortios

sensitive information

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F

AI Score

5.1

Confidence

High

EPSS

Percentile

12.6%

JSON

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list.

CNA Affected

[
  {
    "product": "Fortinet FortiOS",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiOS 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x, 5.6.x"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-20-243

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F

AI Score

5.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-32600