CVE-2021-42758

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

8.8HIGH

EPSS

0.3%

top 51.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiwlc Fortinet Fortinet Fortiwlc

Timeline

PublishedDec 8

Latest updateDec 9

Description

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortiwlc8.2.4 — 8.2.7+16

▶CVEListV5fortinet/fortinet_fortiwlcFortiWLC 8.6.1 and below

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

GHSA

GHSA-85xx-79fp-6rmf: An improper access control vulnerability [CWE-284] in FortiWLC 8↗2021-12-09

▶

CVEList

CVE-2021-42758: An improper access control vulnerability [CWE-284] in FortiWLC 8↗2021-12-08

▶

📋Vendor Advisories

Fortinet

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote att...↗2021-12-08

▶