CVE-2021-36177 | THREATINT

Description

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.

PUBLISHED Reserved 2021-07-06 | Published 2022-02-02 | Updated 2024-10-22 | Assigner fortinet

MEDIUM: 4.2CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:U/RC:C

References

fortiguard.com/psirt/FG-IR-20-217

cve.org (CVE-2021-36177)

nvd.nist.gov (CVE-2021-36177)

Download JSON