← back
CVE-2021-32587

CVE-2021-32587

CVSS 4.3 MEDIUMEPSS 0.6%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 Aug 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C
Affected products
Fortinet · Fortinet FortiAnalyzer, FortiManager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/advisory/FG-IR-21-059