CVE-2021-36177 MEDIUM

Vendor N/A
Product n/a
Published February 2, 2022
Last update October 22, 2024

CVSS base score

4.2/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:U/RC:C

What the vulnerability does

01 Description

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database.

Key dates

02 Disclosure timeline

February 2, 2022 CVE published
October 22, 2024 Record updated