PT-2025-11481 · Fortinet · Fortiwlc

Published 2025-03-17 · Updated 2025-03-17

CVE-2021-32584

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiWLC versions 8.6.0 and below
FortiWLC versions 8.5.3 and below
FortiWLC versions 8.4.8 and below
FortiWLC versions 8.3.3 and below
FortiWLC versions 8.2.7 through 8.2.4
FortiWLC version 8.1.3

Description

An improper access control issue may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by specifying the correct URL. The issue applies only to limited CGI resources and might allow unauthorized parties to access configuration details.

Recommendations

For FortiWLC versions 8.6.0 and below, consider restricting access to the web management CGI functionality until a patch is available.
For FortiWLC versions 8.5.3 and below, restrict access to the vulnerable CGI resources to minimize the risk of exploitation.
For FortiWLC versions 8.4.8 and below, avoid using the web management interface for sensitive operations until the issue is resolved.
For FortiWLC versions 8.3.3 and below, limit access to configuration details through the CGI functionality.
For FortiWLC versions 8.2.7 through 8.2.4, disable the web management CGI functionality temporarily as a workaround.
For FortiWLC version 8.1.3, restrict access to the web management interface to prevent potential exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2021-32584

Affected Products

Fortiwlc