ID

VAR-202108-0672


CVE

CVE-2021-32587


TITLE

FortiManager and FortiAnalyzer Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-009597

DESCRIPTION

An improper access control vulnerability in the FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote, authenticated attacker with a restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. FortiManager and FortiAnalyzer contain an improper authentication vulnerability. Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different administrative domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data and to analyze, report on, and archive the security events, network traffic, and Web content in the logs through its report suite. FortiManager and FortiAnalyzer have an access control error vulnerability due to improper access restrictions. The vulnerability could allow a remote user to gain unauthorized access

Trust: 2.34

sources: NVD: CVE-2021-32587 // JVNDB: JVNDB-2021-009597 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-392559 // VULMON: CVE-2021-32587

AFFECTED PRODUCTS

vendor: fortinet, model: fortimanager, scope: lt, version: 7.0.1

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 5.6.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lt, version: 6.4.6

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lt, version: 7.0.1

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortianalyzer, scope: lt, version: 6.4.6

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: gte, version: 5.6.0

Trust: 1.0

vendor: Fortinet, model: fortianalyzer, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: lte, version: 6.2.8 and earlier

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: lte, version: 6.4.5 and earlier

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: lte, version: 6.0.11 and earlier

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: lte, version: 5.6.11 and earlier

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: eq, version: 7.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-009597 // NVD: CVE-2021-32587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-32587
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-32587
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-32587
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-360
value: MEDIUM

Trust: 0.6

VULHUB: VHN-392559
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-32587
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-32587
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-392559
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-32587
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-009597
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-392559 // VULMON: CVE-2021-32587 // JVNDB: JVNDB-2021-009597 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-360 // NVD: CVE-2021-32587 // NVD: CVE-2021-32587

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Bad authentication (CWE-863) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009597 // NVD: CVE-2021-32587

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-360

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: FG-IR-21-059, url: https://www.fortiguard.com/psirt/FG-IR-21-059

Trust: 0.8

title: Fortinet FortiManager and Fortinet FortiAnalyzer Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158606

Trust: 0.6

sources: JVNDB: JVNDB-2021-009597 // CNNVD: CNNVD-202108-360

EXTERNAL IDS

db: NVD, id: CVE-2021-32587

Trust: 3.4

db: JVNDB, id: JVNDB-2021-009597

Trust: 0.8

db: CNNVD, id: CNNVD-202108-360

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.2617

Trust: 0.6

db: CS-HELP, id: SB2021080318

Trust: 0.6

db: VULHUB, id: VHN-392559

Trust: 0.1

db: VULMON, id: CVE-2021-32587

Trust: 0.1

sources: VULHUB: VHN-392559 // VULMON: CVE-2021-32587 // JVNDB: JVNDB-2021-009597 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-360 // NVD: CVE-2021-32587

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-059

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32587

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080318

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2617

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-information-disclosure-via-administrators-account-list-36042

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-392559 // VULMON: CVE-2021-32587 // JVNDB: JVNDB-2021-009597 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-360 // NVD: CVE-2021-32587

SOURCES

db: VULHUB, id: VHN-392559
db: VULMON, id: CVE-2021-32587
db: JVNDB, id: JVNDB-2021-009597
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202108-360
db: NVD, id: CVE-2021-32587

LAST UPDATE DATE

2024-08-14T12:09:25.660000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-392559, date: 2022-06-28T00:00:00
db: VULMON, id: CVE-2021-32587, date: 2021-08-18T00:00:00
db: JVNDB, id: JVNDB-2021-009597, date: 2022-05-11T07:26:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202108-360, date: 2021-08-24T00:00:00
db: NVD, id: CVE-2021-32587, date: 2022-06-28T14:11:45.273

SOURCES RELEASE DATE

db: VULHUB, id: VHN-392559, date: 2021-08-06T00:00:00
db: VULMON, id: CVE-2021-32587, date: 2021-08-06T00:00:00
db: JVNDB, id: JVNDB-2021-009597, date: 2022-05-11T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202108-360, date: 2021-08-03T00:00:00
db: NVD, id: CVE-2021-32587, date: 2021-08-06T11:15:07.357