CVE-2021-36177

Published: Feb 2, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.

Affected (1)

Products: Fortinet: Fortiauthenticator

Fortinet

1 product

Fortiauthenticator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiauthenticator	From 6.0.0 to 6.3.3

References (2)

https://fortiguard.com/psirt/FG-IR-20-217

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-20-217

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.