CVE-2021-24017

CWE-287Improper Authentication4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 63.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortimanagerFortinet Fortinet Fortimanager
Timeline
PublishedSep 30
Latest updateMay 24

Description

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDfortinet/fortimanager6.4.06.4.4+1
CVEListV5fortinet/fortinet_fortimanagerFortiManager 6.4.3, 6.2.6

🔴Vulnerability Details

2
GHSA
GHSA-rgxm-gc8m-pfh9: An improper authentication in Fortinet FortiManager version 62022-05-24
CVEList
CVE-2021-24017: An improper authentication in Fortinet FortiManager version 62021-09-30

📋Vendor Advisories

1
Fortinet
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign a...2021-09-30
CVE-2021-24017 (MEDIUM CVSS 4.3) | An improper authentication in Forti | cvebase.io