CVE-2021-32587 — Incorrect Authorization in Fortinet Fortianalyzer

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 57.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortimanager

Timeline

PublishedAug 6

Latest updateMay 24

Description

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDfortinet/fortimanager5.6.0 — 6.4.6+1

▶NVDfortinet/fortianalyzer5.6.0 — 6.4.6+1

🔴Vulnerability Details

GHSA

GHSA-9662-jc44-mgqr: An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7↗2022-05-24

▶

CVEList

CVE-2021-32587: An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7↗2021-08-06

▶

📋Vendor Advisories

Fortinet

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 a...↗2021-08-06

▶