CVE-2021-24017

Summary

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiManagerFortiManager 6.4.3, 6.2.6affected

Weaknesses

  • Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References