Lucene search

FortinetCVE-2021-42758

HistoryDec 08, 2021 - 11:15 a.m.

CVE-2021-42758

2021-12-0811:15:11

CWE-863

fortinet

web.nvd.nist.gov

cve-2021-42758

nvd

fortiwlc

access control

cwe-284

vulnerability

security

bypassing gui restrictions

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

Affected configurations

Nvd

Node

fortinetfortiwlcRange8.2.4–8.2.7

fortinetfortiwlcRange8.3.0–8.3.3

fortinetfortiwlcRange8.5.0–8.5.5

fortinetfortiwlcMatch8.0.5

fortinetfortiwlcMatch8.0.6

fortinetfortiwlcMatch8.1.2

fortinetfortiwlcMatch8.1.3

fortinetfortiwlcMatch8.4.0

fortinetfortiwlcMatch8.4.1

fortinetfortiwlcMatch8.4.2

fortinetfortiwlcMatch8.4.4

fortinetfortiwlcMatch8.4.5

fortinetfortiwlcMatch8.4.6

fortinetfortiwlcMatch8.4.7

fortinetfortiwlcMatch8.4.8

fortinetfortiwlcMatch8.6.0

fortinetfortiwlcMatch8.6.1

VendorProductVersionCPE
fortinetfortiwlc*cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*
fortinetfortiwlc8.0.5cpe:2.3:a:fortinet:fortiwlc:8.0.5:*:*:*:*:*:*:*
fortinetfortiwlc8.0.6cpe:2.3:a:fortinet:fortiwlc:8.0.6:*:*:*:*:*:*:*
fortinetfortiwlc8.1.2cpe:2.3:a:fortinet:fortiwlc:8.1.2:*:*:*:*:*:*:*
fortinetfortiwlc8.1.3cpe:2.3:a:fortinet:fortiwlc:8.1.3:*:*:*:*:*:*:*
fortinetfortiwlc8.4.0cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*
fortinetfortiwlc8.4.1cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*
fortinetfortiwlc8.4.2cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*
fortinetfortiwlc8.4.4cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*
fortinetfortiwlc8.4.5cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiwlc	*	cpe:2.3:a:fortinet:fortiwlc::::::::
fortinet	fortiwlc	8.0.5	cpe:2.3:a:fortinet:fortiwlc:8.0.5:::::::*
fortinet	fortiwlc	8.0.6	cpe:2.3:a:fortinet:fortiwlc:8.0.6:::::::*
fortinet	fortiwlc	8.1.2	cpe:2.3:a:fortinet:fortiwlc:8.1.2:::::::*
fortinet	fortiwlc	8.1.3	cpe:2.3:a:fortinet:fortiwlc:8.1.3:::::::*
fortinet	fortiwlc	8.4.0	cpe:2.3:a:fortinet:fortiwlc:8.4.0:::::::*
fortinet	fortiwlc	8.4.1	cpe:2.3:a:fortinet:fortiwlc:8.4.1:::::::*
fortinet	fortiwlc	8.4.2	cpe:2.3:a:fortinet:fortiwlc:8.4.2:::::::*
fortinet	fortiwlc	8.4.4	cpe:2.3:a:fortinet:fortiwlc:8.4.4:::::::*
fortinet	fortiwlc	8.4.5	cpe:2.3:a:fortinet:fortiwlc:8.4.5:::::::*

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "product": "Fortinet FortiWLC",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiWLC 8.6.1 and below"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-200

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

Related for CVE-2021-42758