Details of VAR-202106-1941

ID

VAR-202106-1941

CVE

CVE-2021-32584

TITLE

fortinet's FortiWLC access control vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021877

DESCRIPTION

An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by just specifying the correct URL. The vulnerability applies only to limited CGI resources and might allow the unauthorized party to access configuration details. fortinet's FortiWLC contains an access control vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.16

sources: NVD: CVE-2021-32584 // JVNDB: JVNDB-2021-021877 // CNNVD: CNNVD-202104-975

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiwlc	scope:	lt	version:	8.5.4	Trust: 1.0
vendor:	fortinet	model:	fortiwlc	scope:	gte	version:	8.1.3	Trust: 1.0
vendor:	fortinet	model:	fortiwlc	scope:	eq	version:	8.6.0	Trust: 1.0
vendor:	フォーティネット	model:	fortiwlc	scope:	eq	version:	8.1.3 that's all 8.5.4	Trust: 0.8
vendor:	フォーティネット	model:	fortiwlc	scope:	eq	version:	8.6.0	Trust: 0.8
vendor:	フォーティネット	model:	fortiwlc	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-021877 // NVD: CVE-2021-32584

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2021-32584
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2021-021877
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-209
value:	MEDIUM
Trust: 0.6

psirt@fortinet.com:	CVE-2021-32584
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-021877
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-021877 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-209 // NVD: CVE-2021-32584

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-021877 // NVD: CVE-2021-32584

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	FG-IR-20-138	url:	https://fortiguard.fortinet.com/psirt/FG-IR-20-138	Trust: 0.8
title:	FortiWLC Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152902	Trust: 0.6

sources: JVNDB: JVNDB-2021-021877 // CNNVD: CNNVD-202106-209

EXTERNAL IDS

db:	NVD	id:	CVE-2021-32584	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-021877	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060312	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1953	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-209	Trust: 0.6

sources: JVNDB: JVNDB-2021-021877 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-209 // NVD: CVE-2021-32584

REFERENCES

url:	https://fortiguard.fortinet.com/psirt/fg-ir-20-138	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32584	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1953	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060312	Trust: 0.6

sources: JVNDB: JVNDB-2021-021877 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-209 // NVD: CVE-2021-32584

SOURCES

db:	JVNDB	id:	JVNDB-2021-021877
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-209
db:	NVD	id:	CVE-2021-32584

LAST UPDATE DATE

2025-07-29T22:31:37.736000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-021877	date:	2025-07-28T07:11:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-209	date:	2021-06-07T00:00:00
db:	NVD	id:	CVE-2021-32584	date:	2025-07-24T20:17:07.543

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-021877	date:	2025-07-28T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-209	date:	2021-06-03T00:00:00
db:	NVD	id:	CVE-2021-32584	date:	2025-03-17T14:15:17.413