CVE-2021-36170

LOW

FortiAnalyzerVM/FortiManagerVM <7.0.0,6.4.6 - Info Disclosure

Title source: llm

Description

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.

References (1)

[Vendor Advisory] https://fortiguard.com/advisory/FG-IR-21-112

Scores

CVSS v3 3.2

EPSS 0.0011

EPSS Percentile 29.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

fortinet/fortianalyzer < 6.4.7

fortinet/fortimanager < 6.4.7

Timeline

Published Oct 06, 2021

Tracked Since Feb 18, 2026