CVE-2021-43065

CVE Database · CVE-2021-43065

CVE-2021-43065

· HIGHModified

CVSS v3.1

7.8

EPSS

0.43%

Published

Dec 9, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-732

Affected Products (3)

fortinet · fortinac (up to 8.8.10)vulnerable

fortinet · fortinac (up to 9.1.4)vulnerable

fortinet · fortinacvulnerable

References (4)

https://fortiguard.com/advisory/FG-IR-21-178

Vendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h

ExploitThird Party Advisory

https://fortiguard.com/advisory/FG-IR-21-178

Vendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs