PT-2021-21155 · Fortinet · FortiAnalyzer, FortiManager

Published: 2021-10-06 · Updated: 2021-10-14 · CVE-2021-36170

CVSS v3.1: 3.2 (Low)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiAnalyzerVM versions 7.0.0 and below
FortiManagerVM versions 7.0.0 and below
FortiAnalyzerVM version 6.4.6 and below
FortiManagerVM version 6.4.6 and below

Description

An information disclosure issue may allow an authenticated attacker to read the FortiCloud credentials used to activate the trial license in cleartext.

Recommendations

For FortiAnalyzerVM versions 7.0.0 and below, update to a version that fixes this issue.
For FortiManagerVM versions 7.0.0 and below, update to a version that fixes this issue.
For FortiAnalyzerVM version 6.4.6 and below, update to a version that fixes this issue.
For FortiManagerVM version 6.4.6 and below, update to a version that fixes this issue.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2021-36170

Affected Products

FortiAnalyzer
FortiManager