CVE-2021-24006

Severity: 8.8 HIGH
EPSS: 0.5% (top 34.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 6; latest update May 24

Description

An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages (2 packages)

NVD: fortinet/fortimanager, versions 6.4.0 to 6.4.4
CVEListV5: fortinet/fortinet_fortimanager, FortiManager 6.4.0 to 6.4.3

Vulnerability Details (2 sources)

GHSA: GHSA-4vw3-f445-4gxj (2022-05-24): An improper access control vulnerability in FortiManager versions 6...
CVEList: CVE-2021-24006 (2021-09-06): An improper access control vulnerability in FortiManager versions 6...

Vendor Advisories (1)

Fortinet (2021-09-06): An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker wit...