PT-2022-11357 · Fortinet · Fortios

Published

2022-05-03

·

Updated

2022-07-12

·

CVE-2021-41032

CVSS v3.1

6.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.4.8 and prior
FortiOS versions 7.0.3 and prior
Description

An improper access control issue may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
Recommendations

For FortiOS versions 6.4.8 and prior, upgrade to a release later than 6.4.8. For FortiOS versions 7.0.3 and prior, upgrade to a release later than 7.0.3. Until the upgrade is applied, reduce exposure: the precondition is an authenticated account holding a restricted administrator profile (the CVSS vector scores PR:L), so review which accounts carry such profiles, remove or disable ones that are no longer needed, and restrict their CLI access so they cannot issue the commands that read or change SSL-VPN tunnel status. Because the issue crosses VDOM boundaries, confining a restricted profile to a single VDOM does not by itself contain it.
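As an added example (not part of this advisory and not Fortinet tooling), the following Python checks FortiOS version strings against the two affected ranges stated above, so an inventory of "Version:" lines from `get system status` can be triaged in one pass. The exact layout of the status line, the hostnames and the build/date fields in the sample input are assumptions constructed for the example.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as the advisory states them: every release up to and
# including 6.4.8, and the 7.0 branch up to and including 7.0.3.
AFFECTED_RANGES = (
    ((0, 0, 0), (6, 4, 8)),
    ((7, 0, 0), (7, 0, 3)),
)

# Matches "6.4.8" or "v6.4.8" embedded in a longer line.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) for the first x.y.z version in `text`.

    Accepts a bare version ("6.4.8") or a 'get system status' "Version:" line
    (format assumed for this example, e.g.
    'Version: FortiGate-100F v7.0.3,build0237,211123 (GA)').
    Returns None when no version is present so callers can report the host
    as unknown instead of silently treating it as fixed.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True when `version` lies inside any affected range.

    Tuple comparison is lexicographic, so (6, 4, 10) > (6, 4, 8) as intended;
    a naive string compare would get that wrong.
    """
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def triage_status_lines(lines: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'affected' | 'fixed' | 'unknown' from "Version:" lines."""
    verdicts: Dict[str, str] = {}
    for host, line in lines.items():
        version = parse_fortios_version(line)
        if version is None:
            verdicts[host] = "unknown"
        else:
            verdicts[host] = "affected" if is_affected(version) else "fixed"
    return verdicts


# Constructed sample input: hostnames, build numbers and dates are placeholders.
SAMPLE_STATUS_LINES = {
    "fw-edge-1": "Version: FortiGate-100F v7.0.3,build0237,211123 (GA)",
    "fw-edge-2": "Version: FortiGate-100F v7.0.4,build0301,220131 (GA)",
    "fw-branch": "Version: FortiGate-60E v6.4.8,build1914,211019 (GA)",
    "fw-lab": "Version: FortiGate-VM64 v6.4.9,build1966,220127 (GA)",
    "fw-old": "Version: FortiGate-60D v6.2.10,build1263,211209 (GA)",
    "fw-unknown": "Version: (status output truncated)",
}

if __name__ == "__main__":
    for host, verdict in triage_status_lines(SAMPLE_STATUS_LINES).items():
        print(f"{host:12s} {verdict}")
```

The check follows the advisory's wording literally, so "6.4.8 and prior" also flags 6.0.x and 6.2.x releases; hosts whose status output yields no parsable version are reported as unknown rather than fixed, which is the safer default for a patch-compliance sweep.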

Related Identifiers

CVE-2021-41032

Affected Products

Fortios