CVE-2021-42758

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

Published: Dec 8, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-42758
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
fortinet / fortiwlc	8.0.5	8.0.5.x
fortinet / fortiwlc	8.0.6	8.0.6.x
fortinet / fortiwlc	8.1.2	8.1.2.x
fortinet / fortiwlc	8.1.3	8.1.3.x
fortinet / fortiwlc	8.2.4	8.2.7.x
fortinet / fortiwlc	8.4.8	8.4.8.x
fortinet / fortiwlc	8.4.7	8.4.7.x
fortinet / fortiwlc	8.4.6	8.4.6.x
fortinet / fortiwlc	8.4.5	8.4.5.x
fortinet / fortiwlc	8.6.1	8.6.1.x
fortinet / fortiwlc	8.6.0	8.6.0.x
fortinet / fortiwlc	8.5.0	8.5.5.x
fortinet / fortiwlc	8.4.0	8.4.0.x
fortinet / fortiwlc	8.4.1	8.4.1.x
fortinet / fortiwlc	8.4.2	8.4.2.x
fortinet / fortiwlc	8.4.4	8.4.4.x
fortinet / fortiwlc	8.3.0	8.3.3.x

https://fortiguard.com/advisory/FG-IR-21-200

Vulnerability Database

289,697

CVE-2021-42758