Vulnerability Details : CVE-2021-36177
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.
Products affected by CVE-2021-36177
- cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-36177
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 20 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-36177
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.3
|
LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N |
6.5
|
2.9
|
NIST | |
|
4.3
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST | |
|
4.2
|
MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
1.6
|
2.5
|
Fortinet, Inc. |
References for CVE-2021-36177
-
https://fortiguard.com/psirt/FG-IR-20-217
PSIRT Advisories | FortiGuardVendor Advisory
Jump to