Arbitrary Module Assignment Vulnerability in Fortinet FortiManager

Arbitrary Module Assignment Vulnerability in Fortinet FortiManager

CVE-2021-24017 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.

Learn more about our Cis Benchmark Audit For Fortinet.