FortiWLC - Improper access control
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-20-138
Final
1
1
2021-06-03T00:00:00
Current version
2021-06-03T00:00:00
2021-06-03T00:00:00
An improper access control (CWE-284) vulnerability in FortiWLC may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by just specifying the correct URL. The vulnerability applies only to limited CGI resources and might allow the unauthorized party to access configuration details.
Improper access control
FortiWLC versions 8.5.3 and below. FortiWLC versions 8.6.0 and below.
Please upgrade to FortiWLC version 8.5.4 or above. Please upgrade to FortiWLC version 8.6.1 or above.
Fortinet is pleased to thank the customer who reported this vulnerability under responsible disclosure.
FortiWLC 8.6.0
FortiWLC 8.5.3
FortiWLC 8.5.2
FortiWLC 8.5.1
FortiWLC 8.5.0
FortiWLC 8.4.8
FortiWLC 8.4.7
FortiWLC 8.4.6
FortiWLC 8.4.5
FortiWLC 8.4.4
FortiWLC 8.4.2
FortiWLC 8.4.1
FortiWLC 8.4.0
FortiWLC 8.3.3
FortiWLC 8.3.2
FortiWLC 8.3.1
FortiWLC 8.3.0
FortiWLC 8.2.7
FortiWLC 8.2.6
FortiWLC 8.2.5
FortiWLC 8.2.4
FortiWLC 8.1.3
CVE-2021-32584
4.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
https://fortiguard.fortinet.com/psirt/FG-IR-20-138