PT-2021-5334 · Fortinet · Fortigate+1

Published 2021-11-02 · Updated 2022-05-03 · CVE-2021-36192

CVSS v3.1: 5.2 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

FortiManager versions 7.0.1 and below
FortiManager versions 6.4.6 and below
FortiManager versions 6.2.x
FortiManager versions 6.0.x
FortiManager version 5.6.0

Description

The issue is an exposure of sensitive information to unauthorized actors: a FortiGate user may be able to see scripts from other ADOMs. The underlying weakness is the exposure of a resource to the wrong sphere, which an attacker can exploit to reveal protected information.

Recommendations

For FortiManager versions 7.0.1 and below, update to a version above 7.0.1 to resolve the issue.
For FortiManager versions 6.4.6 and below, update to a version above 6.4.6 to resolve the issue.
For FortiManager versions 6.2.x, consider disabling access to scripts from other ADOMs until a patch is available.
For FortiManager versions 6.0.x, restrict access to sensitive information to minimize the risk of exploitation.
For FortiManager version 5.6.0, avoid using the vulnerable feature until the issue is resolved.

Fix

Information Disclosure

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

BDU:2021-06162
CVE-2021-36192

Affected Products

Fortigate
Fortimanager