Information Disclosure Vulnerability in FortiAnalyzerVM and FortiManagerVM by Fortinet
CVE-2021-36170

3.2LOW

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimanager, Fortianalyzer
Vendor: CVE Published:; 6 October 2021

What is CVE-2021-36170?

An information disclosure vulnerability has been identified in FortiAnalyzerVM and FortiManagerVM that may enable an authenticated attacker to access FortiCloud credentials in cleartext. This information can be exploited by malicious actors if they gain access to the affected systems, potentially compromising the security of the trial license activation process.

Affected Version(s)

Fortinet FortiManager, FortiAnalyzer FortiManager 7.0.0, 6.4.6; FortiAnalyzer 7.0.0, 6.4.6

References

https://fortiguard.com/advisory/FG-IR-21-112

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2021
Vulnerability Reserved
Jul 6, 2021