CVE-2021-41032

CWE-668Exposure to Wrong Sphere4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 56.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiosFortinet Fortinet Fortios
Timeline
PublishedMay 4
Latest updateMay 5

Description

An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

NVDfortinet/fortios6.2.06.4.9+1
CVEListV5fortinet/fortinet_fortiosFortiOS 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

🔴Vulnerability Details

2
GHSA
GHSA-hqf6-vvj2-cj4w: An improper access control vulnerability [CWE-284] in FortiOS versions 62022-05-05
CVEList
CVE-2021-41032: An improper access control vulnerability [CWE-284] in FortiOS versions 62022-05-04

📋Vendor Advisories

1
Fortinet
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an...2022-05-04
CVE-2021-41032 (MEDIUM CVSS 5.4) | An improper access control vulnerab | cvebase.io