CVE-2021-43065
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
Summary
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet | Fortinet FortiNAC | FortiNAC 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0 | affected |
Weaknesses
- Escalation of privilege
ADP Enrichment
CVE Program Container
Additional References
- https://fortiguard.com/advisory/FG-IR-21-178
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://fortiguard.com/advisory/FG-IR-21-178
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.