CVE-2021-32603 — Server-Side Request Forgery in Fortinet Fortimanager

CWE-918 — Server-Side Request Forgery4 documents4 sources

Severity

6.5MEDIUMNVD

CNA8.8

EPSS

0.2%

top 55.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortimanager

Timeline

PublishedAug 5

Latest updateMay 24

Description

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortimanager5.6.0 — 6.2.8+2

▶NVDfortinet/fortianalyzer5.6.0 — 6.2.8+2

🔴Vulnerability Details

GHSA

GHSA-44rr-jg32-2w2q: A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7↗2022-05-24

▶

CVEList

CVE-2021-32603: A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7↗2021-08-05

▶

📋Vendor Advisories

Fortinet

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and belo...↗2021-08-05

▶