CVE-2021-36170

EUVD-2021-22791
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.2 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
fortinetCNA
3.2 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
fortinetfortianalyzer
𝑥
< 6.4.7
fortinetfortianalyzer
7.0.0 ≤
𝑥
≤ 7.0.1
fortinetfortimanager
𝑥
< 6.4.7
fortinetfortimanager
7.0.0 ≤
𝑥
< 7.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/advisory/FG-IR-21-112
https://fortiguard.com/advisory/FG-IR-21-112