{ "id": "CVE-2021-43065", "sourceIdentifier": "psirt@fortinet.com", "published": "2021-12-09T10:15:11.847", "lastModified": "2022-07-28T18:12:57.933", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An incorrect permission assignment for a critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, and version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data." }, { "lang": "es", "value": "Una asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos en Fortinet FortiNAC versi\u00f3n 9.2.0, versi\u00f3n 9.1.3 y anteriores, versi\u00f3n 8.8.9 y anteriores, permite al atacante conseguir mayores privilegios por medio del acceso a datos confidenciales del sistema" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 }, { "source": "psirt@fortinet.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2 }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-732" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.8.0", "versionEndExcluding": "8.8.10", "matchCriteriaId": "2B635677-94E0-4594-93B3-DA0A0F40540F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.1.0", "versionEndExcluding": "9.1.4", "matchCriteriaId": "EAD6773C-BD72-47FF-BCC6-CC057C20E796" }, { "vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D6ECEB2-D111-4C78-B0B4-0094C8C57EB3" } ] } ] } ], "references": [ { "url": "https://fortiguard.com/advisory/FG-IR-21-178", "source": "psirt@fortinet.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-8wx4-g5p9-348h", "source": "psirt@fortinet.com", "tags": [ "Exploit", "Third Party Advisory" ] } ] }