    4 vulnerabilities found for fortiadc_manager by fortinet

    CVE-2023-26210 (GCVE-0-2023-26210)

    Vulnerability from nvd – Published: 2023-06-13 08:41 – Updated: 2026-01-14 14:15
    Summary
    Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet allow a local authenticated attacker to execute arbitrary shell code as the `root` user via crafted CLI requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Impacted products
    Vendor: Fortinet; Product: FortiADC
    Affected: 7.2.0
    Affected: 7.1.0, ≤ 7.1.1 (semver)
    Affected: 7.0.0, ≤ 7.0.6 (semver)
    Affected: 6.2.0, ≤ 6.2.6 (semver)
    Affected: 6.1.0, ≤ 6.1.6 (semver)
    Affected: 6.0.0, ≤ 6.0.4 (semver)
    Affected: 5.4.0, ≤ 5.4.5 (semver)
    Affected: 5.3.0, ≤ 5.3.7 (semver)
    Affected: 5.2.0, ≤ 5.2.8 (semver)
    Vendor: Fortinet; Product: FortiADCManager
    Affected: 7.1.0
    Affected: 7.0.0
    Affected: 6.2.0, ≤ 6.2.1 (semver)
    Affected: 6.1.0
    Affected: 6.0.0
    Affected: 5.4.0
    Affected: 5.3.0
    Affected: 5.2.0, ≤ 5.2.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-076",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-076"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:10:55.831517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:26:13.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiADC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.6",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.6",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.4",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.5",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.7",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.8",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:h:fortinet:fortiadcmanager:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:6.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:5.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiADCManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "lessThanOrEqual": "6.2.1",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.1.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.0"
                },
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "lessThanOrEqual": "5.2.1",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] vulnerability in Fortinet  allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T14:15:28.898Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-076",
              "url": "https://fortiguard.com/psirt/FG-IR-23-076"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiADC version 7.2.1 or above\nPlease upgrade to FortiADC version 7.1.3 or above\nPlease upgrade to FortiADCManager version 7.2.0 or above\nPlease upgrade to FortiADCManager version 7.1.1 or above\nPlease upgrade to FortiADCManager version 7.0.1 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-26210",
        "datePublished": "2023-06-13T08:41:46.873Z",
        "dateReserved": "2023-02-20T15:09:20.637Z",
        "dateUpdated": "2026-01-14T14:15:28.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-24024 (GCVE-0-2021-24024)

    Vulnerability from nvd – Published: 2021-04-12 14:12 – Updated: 2024-10-25 13:59
    Summary
    A clear text storage of sensitive information in a log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' passwords in log files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    References
    URL Tags
    https://fortiguard.com/advisory/FG-IR-19-244 x_refsource_CONFIRM
    Impacted products
    Vendor: Fortinet; Product: Fortinet FortiADCManager, FortiADC
    Affected: FortiADCManager 5.3.0 and below, 5.2.1 and below; FortiADC 5.3.7 and below

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:10.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-19-244"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-24024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T13:58:56.214161Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:59:21.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fortinet FortiADCManager, FortiADC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "FortiADCManager 5.3.0 and below,  5.2.1 and below; FortiADC 5.3.7 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users\u0027 password in log files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-12T14:12:48.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-19-244"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2021-24024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fortinet FortiADCManager, FortiADC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FortiADCManager 5.3.0 and below,  5.2.1 and below; FortiADC 5.3.7 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users\u0027 password in log files."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "userInteraction": "None",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-19-244",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-19-244"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2021-24024",
        "datePublished": "2021-04-12T14:12:48.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-10-25T13:59:21.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26210 (GCVE-0-2023-26210)

    Vulnerability from cvelistv5 – Published: 2023-06-13 08:41 – Updated: 2026-01-14 14:15
    Summary
    Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet allow a local authenticated attacker to execute arbitrary shell code as the `root` user via crafted CLI requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Impacted products
    Vendor: Fortinet; Product: FortiADC
    Affected: 7.2.0
    Affected: 7.1.0, ≤ 7.1.1 (semver)
    Affected: 7.0.0, ≤ 7.0.6 (semver)
    Affected: 6.2.0, ≤ 6.2.6 (semver)
    Affected: 6.1.0, ≤ 6.1.6 (semver)
    Affected: 6.0.0, ≤ 6.0.4 (semver)
    Affected: 5.4.0, ≤ 5.4.5 (semver)
    Affected: 5.3.0, ≤ 5.3.7 (semver)
    Affected: 5.2.0, ≤ 5.2.8 (semver)
    Vendor: Fortinet; Product: FortiADCManager
    Affected: 7.1.0
    Affected: 7.0.0
    Affected: 6.2.0, ≤ 6.2.1 (semver)
    Affected: 6.1.0
    Affected: 6.0.0
    Affected: 5.4.0
    Affected: 5.3.0
    Affected: 5.2.0, ≤ 5.2.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-076",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-076"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:10:55.831517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:26:13.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiADC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.6",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.6",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.4",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.5",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.7",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.8",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:h:fortinet:fortiadcmanager:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:6.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:h:fortinet:fortiadcmanager:5.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiADCManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "lessThanOrEqual": "6.2.1",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.1.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.0"
                },
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "lessThanOrEqual": "5.2.1",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] vulnerability in Fortinet  allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T14:15:28.898Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-076",
              "url": "https://fortiguard.com/psirt/FG-IR-23-076"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiADC version 7.2.1 or above\nPlease upgrade to FortiADC version 7.1.3 or above\nPlease upgrade to FortiADCManager version 7.2.0 or above\nPlease upgrade to FortiADCManager version 7.1.1 or above\nPlease upgrade to FortiADCManager version 7.0.1 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-26210",
        "datePublished": "2023-06-13T08:41:46.873Z",
        "dateReserved": "2023-02-20T15:09:20.637Z",
        "dateUpdated": "2026-01-14T14:15:28.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-24024 (GCVE-0-2021-24024)

    Vulnerability from cvelistv5 – Published: 2021-04-12 14:12 – Updated: 2024-10-25 13:59
    VLAI
    Summary
    A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    Assigner
    References
    URL Tags
    https://fortiguard.com/advisory/FG-IR-19-244 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Fortinet Fortinet FortiADCManager, FortiADC Affected: FortiADCManager 5.3.0 and below, 5.2.1 and below; FortiADC 5.3.7 and below

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:10.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-19-244"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-24024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T13:58:56.214161Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:59:21.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fortinet FortiADCManager, FortiADC",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "FortiADCManager 5.3.0 and below,  5.2.1 and below; FortiADC 5.3.7 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users\u0027 password in log files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-12T14:12:48.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-19-244"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2021-24024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fortinet FortiADCManager, FortiADC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FortiADCManager 5.3.0 and below,  5.2.1 and below; FortiADC 5.3.7 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users\u0027 password in log files."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "userInteraction": "None",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-19-244",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-19-244"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2021-24024",
        "datePublished": "2021-04-12T14:12:48.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-10-25T13:59:21.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }