PT-2021-7568 · Fortinet · FortiNAC

Valentin Allaire · Published 2021-12-07 · Updated 2022-07-28 · CVE-2021-43065

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiNAC versions 8.8.9 and below
Fortinet FortiNAC versions 9.1.3 and below
Fortinet FortiNAC version 9.2.0

Description

The issue is related to an incorrect permission assignment for a critical resource in Fortinet FortiNAC. This can allow an attacker to gain higher privileges by accessing sensitive system data.

Recommendations

For Fortinet FortiNAC versions 8.8.9 and below, update to a version that contains a fix for this issue.
For Fortinet FortiNAC versions 9.1.3 and below, update to a version that contains a fix for this issue.
For Fortinet FortiNAC version 9.2.0, update to a version that contains a fix for this issue.

As a temporary workaround, consider restricting access to sensitive system data to minimize the risk of exploitation.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2023-00091
CVE-2021-43065
GHSA-8WX4-G5P9-348H

Affected Products

FortiNAC