CVE-2021-32584
MEDIUM
FortiWLC <=8.6.0 Unauthenticated Improper Access Control via Web Management CGI
Title source: llm
Description
An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by just specifying the correct URL. The vulnerability applies only to limited CGI resources and might allow the unauthorized party to access configuration details.
References (1)
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-20-138
Scores
CVSS v3: 5.3
EPSS: 0.0019
EPSS Percentile: 40.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-284
Status: published
Products (2)
fortinet/fortiwlc: 8.6.0
fortinet/fortiwlc: 8.1.3 - 8.5.4
Published: Mar 17, 2025
Tracked Since: Feb 18, 2026