The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2021-32600

CVE-2021-32600: Fortinet FortiOS Information Disclosure

CVE-2021-32600 is an information disclosure vulnerability in Fortinet FortiOS CLI that allows authenticated VDOM users to access sensitive data from other VDOMs. This article covers technical details, affected versions, and fixes.

Published: February 25, 2026

CVE-2021-32600 Overview

An exposure of sensitive information to an unauthorized actor vulnerability exists in FortiOS CLI that may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list. This vulnerability affects FortiOS versions 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x.

Critical Impact

Authenticated local attackers with VDOM access can bypass intended isolation boundaries to access sensitive administrative information from other VDOMs, potentially compromising network segmentation security.

Affected Products

  • Fortinet FortiOS 7.0.0
  • Fortinet FortiOS 6.4.0 through 6.4.6
  • Fortinet FortiOS 6.2.0 through 6.2.9, 6.0.x, and 5.6.x

Discovery Timeline

  • 2021-11-17 - CVE-2021-32600 published to NVD
  • 2024-11-21 - Last updated in NVD database

Technical Details for CVE-2021-32600

Vulnerability Analysis

This vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The flaw exists within the FortiOS command-line interface (CLI) and its handling of Virtual Domain (VDOM) isolation boundaries.

FortiOS uses VDOMs to partition a single FortiGate unit into multiple virtual devices, each with its own security policies, routing tables, and administrative access. This vulnerability undermines the security model by allowing authenticated users with access to one VDOM to query and retrieve sensitive information from other VDOMs on the same physical device.

The exposed information includes admin account lists and network interface configurations from other VDOMs, which could be leveraged by an attacker to map out the network architecture and identify potential targets for further attacks.

Root Cause

The root cause of this vulnerability is improper access control enforcement within the FortiOS CLI when processing certain commands. The CLI fails to properly validate that a user's request is limited to their assigned VDOM, allowing cross-VDOM information queries. This represents a breakdown in the VDOM isolation mechanism that organizations rely on for multi-tenant or segmented network deployments.

Attack Vector

The attack requires local access to the FortiGate device CLI and valid authentication credentials for a user assigned to at least one VDOM. The attacker leverages specific CLI commands that bypass VDOM boundary checks to enumerate administrative accounts and network interfaces configured in other VDOMs.

Since this is a local attack vector requiring authentication, exploitation requires either legitimate user credentials or prior compromise of a VDOM administrator account. The vulnerability does not enable direct configuration changes but provides reconnaissance data that could facilitate subsequent attacks.

Detection Methods for CVE-2021-32600

Indicators of Compromise

  • Unusual CLI access patterns from VDOM-restricted user accounts
  • Log entries showing queries for resources outside the user's assigned VDOM
  • Administrative commands executed by users without appropriate VDOM permissions
  • Unexpected enumeration of admin accounts or network interfaces across VDOMs

Detection Strategies

  • Monitor FortiOS system event logs for CLI commands that access cross-VDOM resources
  • Configure alerting for any administrative queries from non-root VDOM accounts
  • Implement user behavior analytics to detect anomalous CLI access patterns
  • Review audit logs for VDOM boundary violations or permission escalation attempts

Monitoring Recommendations

  • Enable comprehensive logging for all CLI sessions and administrative commands
  • Configure SIEM integration to correlate FortiOS events with other security telemetry
  • Establish baseline behavior for VDOM administrator activities
  • Deploy SentinelOne Singularity to monitor for post-exploitation activities on systems connected to affected FortiGate devices

How to Mitigate CVE-2021-32600

Immediate Actions Required

  • Upgrade FortiOS to a patched version as recommended by Fortinet
  • Review and restrict CLI access to only necessary administrative personnel
  • Audit current VDOM user assignments and remove unnecessary access
  • Implement the principle of least privilege for all VDOM administrator accounts

Patch Information

Fortinet has released security updates to address this vulnerability. Administrators should upgrade to FortiOS versions that contain the fix as outlined in the FortiGuard Security Advisory FG-IR-20-243. Consult the advisory for specific version recommendations based on your current FortiOS release.

Workarounds

  • Restrict CLI access to trusted administrators only until patching is complete
  • Implement network segmentation to limit access to FortiGate management interfaces
  • Monitor CLI activity closely for signs of exploitation
  • Consider disabling unnecessary VDOM configurations where possible
bash
# Configuration example - Restrict CLI access to specific trusted hosts
config system admin
    edit "admin"
        set trusthost1 192.168.1.0 255.255.255.0
        set trusthost2 10.0.0.5 255.255.255.255
    next
end

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeInformation Disclosure
  • Vendor/TechFortinet Fortios
  • SeverityLOW
  • CVSS Score3.8
  • EPSS Probability0.28%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-200
  • Vendor Resources
  • Fortiguard Security Advisory
  • Related CVEs
  • CVE-2025-68686: Fortinet FortiOS Information Disclosure
  • CVE-2022-22306: Fortinet FortiOS Certificate Validation Flaw
  • CVE-2021-26108: Fortinet FortiOS Information Disclosure
  • CVE-2020-15936: Fortinet FortiOS Information Disclosure
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English