CVE-2021-42758

Published: Dec 8, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

Affected (17)

Products: Fortinet: Fortiwlc

Fortinet

1 product

Fortiwlc

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiwlc	From 8.2.4 to 8.2.7
Fortinet Fortiwlc	From 8.3.0 to 8.3.3
Fortinet Fortiwlc	From 8.5.0 to 8.5.5
Fortinet Fortiwlc	Version 8.0.5
Fortinet Fortiwlc	Version 8.0.6
Fortinet Fortiwlc	Version 8.1.2
Fortinet Fortiwlc	Version 8.1.3
Fortinet Fortiwlc	Version 8.4.0
Fortinet Fortiwlc	Version 8.4.1
Fortinet Fortiwlc	Version 8.4.2
Fortinet Fortiwlc	Version 8.4.4
Fortinet Fortiwlc	Version 8.4.5
Fortinet Fortiwlc	Version 8.4.6
Fortinet Fortiwlc	Version 8.4.7
Fortinet Fortiwlc	Version 8.4.8
Fortinet Fortiwlc	Version 8.6.0
Fortinet Fortiwlc	Version 8.6.1

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://fortiguard.com/advisory/FG-IR-21-200

Source: psirt@fortinet.com

PatchVendor Advisory

https://fortiguard.com/advisory/FG-IR-21-200

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.