| |
Vulnerability CVE-2021-36177
Published: 2022-02-02
| Description: |
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database. |
Type:
CWE-863 (Incorrect Authorization)
CVSS2 => (AV:A/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
3.3/10 |
2.9/10 |
6.5/10 |
| Exploit range |
Attack complexity |
Authentication |
Adjacent network |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://fortiguard.com/psirt/FG-IR-20-217
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
