CVE-2021-43065

Published: Dec 9, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.

Affected (3)

Products: Fortinet: Fortinac

Fortinet

1 product

Fortinac

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortinac	From 8.8.0 to 8.8.10
Fortinet Fortinac	From 9.1.0 to 9.1.4
Fortinet Fortinac	Version 9.2.0

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://fortiguard.com/advisory/FG-IR-21-178

Source: psirt@fortinet.com

Vendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h

Source: psirt@fortinet.com

ExploitThird Party Advisory

https://fortiguard.com/advisory/FG-IR-21-178

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.