CVE-2021-32587
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C
Summary
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet | Fortinet FortiAnalyzer, FortiManager | FortiAnalyzer 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11and below, 5.6.11and below; FortiManager 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11and below, 5.6.11and below | affected |
Weaknesses
- Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.