First published: Wed Dec 08 2021(Updated: )
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.
Credit: psirt@fortinet.com psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiWLC | >=8.2.4<=8.2.7 | |
Fortinet FortiWLC | >=8.3.0<=8.3.3 | |
Fortinet FortiWLC | >=8.5.0<=8.5.5 | |
Fortinet FortiWLC | =8.0.5 | |
Fortinet FortiWLC | =8.0.6 | |
Fortinet FortiWLC | =8.1.2 | |
Fortinet FortiWLC | =8.1.3 | |
Fortinet FortiWLC | =8.4.0 | |
Fortinet FortiWLC | =8.4.1 | |
Fortinet FortiWLC | =8.4.2 | |
Fortinet FortiWLC | =8.4.4 | |
Fortinet FortiWLC | =8.4.5 | |
Fortinet FortiWLC | =8.4.6 | |
Fortinet FortiWLC | =8.4.7 | |
Fortinet FortiWLC | =8.4.8 | |
Fortinet FortiWLC | =8.6.0 | |
Fortinet FortiWLC | =8.6.1 | |
>=8.2.4<=8.2.7 | ||
>=8.3.0<=8.3.3 | ||
>=8.5.0<=8.5.5 | ||
=8.0.5 | ||
=8.0.6 | ||
=8.1.2 | ||
=8.1.3 | ||
=8.4.0 | ||
=8.4.1 | ||
=8.4.2 | ||
=8.4.4 | ||
=8.4.5 | ||
=8.4.6 | ||
=8.4.7 | ||
=8.4.8 | ||
=8.6.0 | ||
=8.6.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-42758 is an improper access control vulnerability in FortiWLC 8.6.1 and below.
CVE-2021-42758 allows an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights.
The severity of CVE-2021-42758 is critical with a CVSS score of 8.8.
FortiWLC versions 8.6.1 and below are affected by CVE-2021-42758.
To fix CVE-2021-42758, update FortiWLC to a version that is not affected.