Lucene search

FortinetCVELIST:CVE-2021-42758

HistoryDec 08, 2021 - 10:53 a.m.

CVE-2021-42758

2021-12-0810:53:03

fortinet

www.cve.org

access control

fortiwlc

vulnerability

gui restrictions

cwe-284

remote attacker

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R

AI Score

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

CNA Affected

[
  {
    "product": "Fortinet FortiWLC",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiWLC 8.6.1 and below"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-200

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R

AI Score

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

Related for CVELIST:CVE-2021-42758