| IR Number | FG-IR-21-147 |
| Date | May 3, 2022 |
| Severity |
Medium |
| CVSSv3 Score | 6.2 |
| Impact | Information disclosure |
| CVE ID | CVE-2021-41032 |
| Affected Products |
FortiOS
:
7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiOS - Improper Inter-VDOM access control
Summary
An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
Affected Products
FortiGate version 7.0.3 and below.
FortiGate version 6.4.8 and below.
FortiOS version 6.2.0 through 6.2.10
Solutions
Please upgrade to FortiGate version 7.0.4 or above.
Please upgrade to FortiGate version 6.4.9 or above.
Please upgrade to FortiOS version 6.2.11 or above.