CVE-2021-36177

4.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiauthenticator
Vendor: CVE Published:; 2 February 2022

Summary

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.

References

https://fortiguard.com/psirt/FG-IR-20-217

x_refsource_CONFIRM

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2022
Vulnerability Reserved
Jul 6, 2021