CVE-2021-43076

2022-09-0616:15:08

CWE-269

[email protected]

web.nvd.nist.gov

fortiadc

privilege management

vulnerability

remote attacker

shell access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

38.6%

JSON

An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access.

Affected configurations

Nvd

Node

fortinetfortiadcRange5.3.0–5.3.7

fortinetfortiadcRange5.4.0–5.4.5

fortinetfortiadcRange6.0.0–6.0.4

fortinetfortiadcRange6.1.0–6.1.5

fortinetfortiadcMatch6.2.0

fortinetfortiadcMatch6.2.1

VendorProductVersionCPE
fortinetfortiadc*cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
fortinetfortiadc6.2.0cpe:2.3:a:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*
fortinetfortiadc6.2.1cpe:2.3:a:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiadc	*	cpe:2.3:a:fortinet:fortiadc::::::::
fortinet	fortiadc	6.2.0	cpe:2.3:a:fortinet:fortiadc:6.2.0:::::::*
fortinet	fortiadc	6.2.1	cpe:2.3:a:fortinet:fortiadc:6.2.1:::::::*