Improper Access Control in FortiAuthenticator HA Service
CVE-2021-36177

4.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiauthenticator
Vendor: CVE Published:; 2 February 2022

What is CVE-2021-36177?

An improper access control vulnerability in the FortiAuthenticator HA service allows attackers on the same VLAN as the management interface to establish an unauthenticated direct connection to the database. This can lead to unauthorized access to sensitive information, posing significant security risks for organizations utilizing this service.

References

https://fortiguard.com/psirt/FG-IR-20-217

x_refsource_CONFIRM

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2022
Vulnerability Reserved
Jul 6, 2021

Fortinet

What is CVE-2021-36177?

References

CVSS V3.1

Timeline