Improper Authentication Vulnerability in FortiMail by Fortinet
CVE-2021-36166

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimail
Vendor: CVE Published:; 1 March 2022

What is CVE-2021-36166?

An improper authentication vulnerability in FortiMail prior to version 7.0.1 enables potential remote attackers to compromise the authentication token of an administrative account. This can be achieved by observing certain properties of the system, which could allow unauthorized access. Organizations using impacted versions should apply updates promptly to mitigate the risk associated with this vulnerability.

Affected Version(s)

Fortinet FortiMail FortiMail before 7.0.1

References

https://fortiguard.com/psirt/FG-IR-21-028

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2022
Vulnerability Reserved
Jul 6, 2021