{"containers": {"cna": {"affected": [{"product": "Fortinet FortiAuthenticator", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "FortiAuthenticator 6.4.0, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1"}]}], "descriptions": [{"lang": "en", "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 7.9, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L/E:P/RL:X/RC:X", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Improper access control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-08T11:22:39.000Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-21-211"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2021-43067", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiAuthenticator", "version": {"version_data": [{"version_value": "FortiAuthenticator 6.4.0, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "Low", "baseScore": 7.9, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "High", "scope": "Changed", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L/E:P/RL:X/RC:X", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper access control"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/advisory/FG-IR-21-211", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-21-211"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:47:13.216Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-21-211"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T14:13:14.006948Z", "id": "CVE-2021-43067", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T13:42:16.266Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2021-43067", "datePublished": "2021-12-08T11:22:39.000Z", "dateReserved": "2021-10-28T00:00:00.000Z", "dateUpdated": "2024-10-25T13:42:16.266Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-21-211", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:47:13.216Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-43067", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-23T14:13:14.006948Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:16:56.888Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L/E:P/RL:X/RC:X", "temporalScore": 7.9, "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "Fortinet FortiAuthenticator", "versions": [{"status": "affected", "version": "FortiAuthenticator 6.4.0, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1"}]}], "references": [{"url": "https://fortiguard.com/advisory/FG-IR-21-211", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2021-12-08T11:22:39.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "Changed", "version": "3.1", "baseScore": 7.9, "attackVector": "Network", "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L/E:P/RL:X/RC:X", "integrityImpact": "High", "userInteraction": "Required", "attackComplexity": "Low", "availabilityImpact": "Low", "privilegesRequired": "High", "confidentialityImpact": "High"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiAuthenticator 6.4.0, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1"}]}, "product_name": "Fortinet FortiAuthenticator"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/advisory/FG-IR-21-211", "name": "https://fortiguard.com/advisory/FG-IR-21-211", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper access control"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-43067", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2021-43067", "state": "PUBLISHED", "dateUpdated": "2024-10-25T13:42:16.266Z", "dateReserved": "2021-10-28T00:00:00.000Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2021-12-08T11:22:39.000Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A372CF4-B328-4904-93A8-8F5031B3C5B2", "versionEndIncluding": "6.0.7", "versionStartIncluding": "6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BCCE874-8B7F-4A4A-9A28-C32280E77708", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "34D8DA14-C6EF-4ABC-AEBD-43B0FAC07D1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6F666938-8CA7-4DA6-A41F-A0AE5F378271", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "07ADD6A9-D2C8-42EA-95E4-C8E7783E06FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D21B4615-2CD4-47F3-8627-043E4A7A4D22", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "022EB45B-D4C6-42D2-8A98-37890CFC8257", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "194C9D33-A5DC-4D99-B8DB-AF4167E44E59", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "744BD74B-58BD-4561-9D6E-A8EDF53A9FF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "230C350F-283E-48C4-8D46-BE9434A2CC6E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests."}, {"lang": "es", "value": "Una exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Fortinet FortiAuthenticator versi\u00f3n 6.4.0, versi\u00f3n 6.3.2 y anteriores, versi\u00f3n 6.2.1 y anteriores, versi\u00f3n 6.1.2 y anteriores, versi\u00f3n 6.0.7 a 6.0.1 permite al atacante duplicar un token de autenticaci\u00f3n de 2 factores del usuario LDAP objetivo por medio de peticiones HTTP dise\u00f1adas"}], "id": "CVE-2021-43067", "lastModified": "2024-11-21T06:28:38.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-08T12:15:07.933", "references": [{"source": "psirt@fortinet.com", "tags": ["Broken Link"], "url": "https://fortiguard.com/advisory/FG-IR-21-211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://fortiguard.com/advisory/FG-IR-21-211"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}