CVE-2021-42758

HIGH

FortiWLC <= 8.6.1 - Authenticated Privilege Escalation via GUI Restriction Bypass

Title source: llm

Description

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow a remote, authenticated attacker with low privileges to execute any command as an admin user with full access rights by bypassing the GUI restrictions.

References (1)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-21-200

Scores

CVSS v3 8.8
EPSS 0.0025
EPSS Percentile 48.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-863
Status published
Products (15)
fortinet/fortiwlc 8.0.5
fortinet/fortiwlc 8.0.6
fortinet/fortiwlc 8.1.2
fortinet/fortiwlc 8.1.3
fortinet/fortiwlc 8.4.0
fortinet/fortiwlc 8.4.1
fortinet/fortiwlc 8.4.2
fortinet/fortiwlc 8.4.4
fortinet/fortiwlc 8.4.5
fortinet/fortiwlc 8.4.6
... and 5 more
Published Dec 08, 2021
Tracked Since Feb 18, 2026