| |
Vulnerability CVE-2021-42758
Published: 2021-12-08
| Description: |
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. |
Type:
CWE-863 (Incorrect Authorization)
CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
9/10 |
10/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
https://fortiguard.com/advisory/FG-IR-21-200
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
