CVE-2021-24024
First published: Mon Apr 12 2021(Updated: )
A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiADC | <=5.3.7 | |
| Fortinet Fortiadc Manager | <=5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-24024.
How does the vulnerability impact FortiADCManager and FortiADC?
The vulnerability allows a remote authenticated attacker to read other local users' passwords stored in log files.
What versions of FortiADCManager and FortiADC are affected?
FortiADCManager 5.3.0 and below, 5.2.1 and below, and FortiADC 5.3.7 and below are affected.
What is the severity of CVE-2021-24024?
The severity of CVE-2021-24024 is medium.
How can I fix the vulnerability in FortiADCManager and FortiADC?
It is recommended to upgrade FortiADCManager and FortiADC to versions that have addressed the vulnerability.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortiadc
- version/fortinet fortiadc/5.3.7
- canonical/fortinet fortiadc manager
- version/fortinet fortiadc manager/5.3.0