Lucene search

FortinetCVELIST:CVE-2021-32603

HistoryAug 05, 2021 - 10:41 a.m.

CVE-2021-32603

2021-08-0510:41:00

fortinet

www.cve.org

fortimanager

fortianalyser

gui

ssrf vulnerability

unauthorized access

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RC:C

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.

CNA Affected

[
  {
    "product": "Fortinet FortiAnalyzer, FortiManager",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiAnalyzer 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below; FortiManager 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below;"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-050

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RC:C

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for CVELIST:CVE-2021-32603