ID

VAR-202109-0398


CVE

CVE-2021-24006


TITLE

Vulnerability in FortiManager

Trust: 0.8

sources: JVNDB: JVNDB-2021-010804

DESCRIPTION

An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel by directly visiting its URL. FortiManager contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management.

Trust: 2.34

sources: NVD: CVE-2021-24006 // JVNDB: JVNDB-2021-010804 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382724 // VULMON: CVE-2021-24006

AFFECTED PRODUCTS

vendor: fortinet, model: fortimanager, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimanager, scope: lt, version: 6.4.4

Trust: 1.0

vendor: Fortinet, model: fortimanager, scope: eq, version: 6.4.0 to 6.4.3

Trust: 0.8

vendor: Fortinet, model: fortimanager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010804 // NVD: CVE-2021-24006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24006
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-24006
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-24006
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-359
value: HIGH

Trust: 0.6

VULHUB: VHN-382724
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-24006
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-24006
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-382724
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24006
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-24006
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-24006
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-382724 // VULMON: CVE-2021-24006 // JVNDB: JVNDB-2021-010804 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-359 // NVD: CVE-2021-24006 // NVD: CVE-2021-24006

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010804 // NVD: CVE-2021-24006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-359

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: FG-IR-20-061, url: https://www.fortiguard.com/psirt/FG-IR-20-061

Trust: 0.8

title: Fortinet FortiManager Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158605

Trust: 0.6

sources: JVNDB: JVNDB-2021-010804 // CNNVD: CNNVD-202108-359

EXTERNAL IDS

db: NVD, id: CVE-2021-24006

Trust: 3.4

db: JVNDB, id: JVNDB-2021-010804

Trust: 0.8

db: CNNVD, id: CNNVD-202108-359

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021080317

Trust: 0.6

db: AUSCERT, id: ESB-2021.2617

Trust: 0.6

db: VULHUB, id: VHN-382724

Trust: 0.1

db: VULMON, id: CVE-2021-24006

Trust: 0.1

sources: VULHUB: VHN-382724 // VULMON: CVE-2021-24006 // JVNDB: JVNDB-2021-010804 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-359 // NVD: CVE-2021-24006

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-20-061

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-24006

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021080317

Trust: 0.6

url: https://vigilance.fr/vulnerability/fortimanager-privilege-escalation-via-sd-wan-orchestrator-panel-36037

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.2617

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-382724 // VULMON: CVE-2021-24006 // JVNDB: JVNDB-2021-010804 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-359 // NVD: CVE-2021-24006

SOURCES

db: VULHUB, id: VHN-382724
db: VULMON, id: CVE-2021-24006
db: JVNDB, id: JVNDB-2021-010804
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202108-359
db: NVD, id: CVE-2021-24006

LAST UPDATE DATE

2024-08-14T12:26:03.319000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-382724, date: 2022-06-28T00:00:00
db: VULMON, id: CVE-2021-24006, date: 2021-09-10T00:00:00
db: JVNDB, id: JVNDB-2021-010804, date: 2022-07-08T05:24:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202108-359, date: 2021-09-13T00:00:00
db: NVD, id: CVE-2021-24006, date: 2022-06-28T14:11:45.273

SOURCES RELEASE DATE

db: VULHUB, id: VHN-382724, date: 2021-09-06T00:00:00
db: VULMON, id: CVE-2021-24006, date: 2021-09-06T00:00:00
db: JVNDB, id: JVNDB-2021-010804, date: 2022-07-08T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202108-359, date: 2021-08-03T00:00:00
db: NVD, id: CVE-2021-24006, date: 2021-09-06T19:15:07.427