Vulnerability CVE-2021-42758


Published: 2021-12-08

Description:
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

Type:

CWE-863

(Incorrect Authorization)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Fortinet -> Fortiwlc 

 References:
https://fortiguard.com/advisory/FG-IR-21-200

Copyright 2022, cxsecurity.com

 

Back to Top