CVE-2021-36170

3.2LOW

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimanager, Fortianalyzer
Vendor: CVE Published:; 6 October 2021

Summary

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.

Affected Version(s)

Fortinet FortiManager, FortiAnalyzer FortiManager 7.0.0, 6.4.6; FortiAnalyzer 7.0.0, 6.4.6

References

https://fortiguard.com/advisory/FG-IR-21-112

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2021
Vulnerability Reserved
Jul 6, 2021