CVE-2021-43076

Severity
6.5 MEDIUM
EPSS
0.1%
top 65.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 6
Latest update: Sep 7

Description

An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with a restricted user profile to modify the system files using the shell access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages (2 packages)

NVD: fortinet/fortiadc 5.3.0 5.3.7 +5
CVEListV5: fortinet/fortiadc FortiADC 6.2.1, 6.2.0, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0

🔴Vulnerability Details

2
GHSA
GHSA-vcjf-q2w8-qgmr: An improper privilege management vulnerability [CWE-269] in FortiADC versions 6 (2022-09-07)
CVEList
CVE-2021-43076: An improper privilege management vulnerability [CWE-269] in FortiADC versions 6 (2022-09-06)

📋Vendor Advisories

1
Fortinet
An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 an... (2022-09-06)