Improper Access Control in FortiIsolator by Fortinet
CVE-2021-41020

8.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiisolator
Vendor: CVE Published:; 4 May 2022

What is CVE-2021-41020?

The identified vulnerability in FortiIsolator can allow authenticated, non-privileged users to exploit improper access control mechanisms, enabling them to regenerate the CA certificate through an exposed regeneration URL. This security flaw presents a risk, as it can potentially lead to unauthorized certificate management and impact overall system integrity.

Affected Version(s)

Fortinet FortiIsolator FortiIsolator 2.3.2, 2.3.1, 2.3.0

References

https://fortiguard.com/psirt/FG-IR-21-040

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2022
Vulnerability Reserved
Sep 13, 2021