An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-20-217 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-02-02T10:54:47
Updated: 2024-08-04T00:47:43.884Z
Reserved: 2021-07-06T00:00:00
Link: CVE-2021-36177
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-02-02T11:15:07.637
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-36177
Redhat
No data.