CVE-2021-41021

Severity
6.7 MEDIUM
EPSS
0.0%
top 89.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 8
Latest update: Dec 9

Description

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: fortinet/fortinac (12 versions)
CVEListV5: fortinet/fortinet_fortinac, FortiNAC 9.1.2, 9.1.1, 9.1.0, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.1, 8.8.0

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-9983-gjwx-g47w: A privilege escalation vulnerability in FortiNAC versions 8 (2021-12-09)
CVEList
CVE-2021-41021: A privilege escalation vulnerability in FortiNAC versions 8 (2021-12-08)

📋 Vendor Advisories (1)

Fortinet
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to... (2021-12-08)