CVE-2021-32584

Severity
5.3 MEDIUM
EPSS
0.1%
top 74.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 17

Description

An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by just specifying the correct URL. The vulnerability applies only to limited CGI resources and might allow the unauthorized party to access configuration details.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD | fortinet/fortiwlc | 8.1.3 | 8.5.4 | +1
CVEListV5 | fortinet/fortiwlc | 8.5.0 | 8.5.3 | +6

🔴 Vulnerability Details (2)

CVEList
CVE-2021-32584: An improper access control (CWE-284) vulnerability in FortiWLC version 8 | 2025-03-17
GHSA
GHSA-9cc9-h5mf-w5fr: An improper access control (CWE-284) vulnerability in FortiWLC version 8 | 2025-03-17

📋 Vendor Advisories (1)

Fortinet
An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and... | 2025-03-17
CVE-2021-32584 (MEDIUM CVSS 5.3) | An improper access control (CWE-284 | cvebase.io