Improper Access Control in FortiIsolator by Fortinet
CVE-2021-41020

8.8HIGH

Key Information:

Vendor
Fortinet
Status
Fortinet Fortiisolator
Vendor
CVE Published:
4 May 2022

Summary

The identified vulnerability in FortiIsolator can allow authenticated, non-privileged users to exploit improper access control mechanisms, enabling them to regenerate the CA certificate through an exposed regeneration URL. This security flaw presents a risk, as it can potentially lead to unauthorized certificate management and impact overall system integrity.

Affected Version(s)

Fortinet FortiIsolator FortiIsolator 2.3.2, 2.3.1, 2.3.0

References

https://fortiguard.com/psirt/FG-IR-21-040
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.