admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-12-08 11:01:06 +00:00
parent 4a7501e874
commit 826b3a4df4
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2021/26xxx/CVE-2021-26110.json
View File

@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability [CWE-284]\u00a0in FortiOS autod daemon 7.0.0, 6.4.6\u00a0and below, 6.2.9\u00a0and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features."
"value": "An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features."
}
]
}

2
2021/36xxx/CVE-2021-36180.json
View File

@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple improper neutralization of special elements used in a command vulnerabilities\u00a0[CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests."
"value": "Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests."
}
]
}

2
2021/42xxx/CVE-2021-42758.json
View File

@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an\u00a0admin user with full access rights\u00a0via bypassing the GUI restrictions."
"value": "An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions."
}
]
}