CVE-2021-24017
published 2021-09-30CVE-2021-24017: An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimanager | < 6.2.7 | 6.2.7 |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 6.4.0 < 6.4.4 | 6.4.4 |
| fortinet | fortinet | — | — |
| fortinet | fortinet_fortimanager | — | — |