CVE-2021-36177

MEDIUM

FortiAuthenticator HA service <6.3.2 - Info Disclosure


Description

An improper access control vulnerability [CWE-284] in the FortiAuthenticator HA service, versions 6.3.2 and below, 6.2.x, 6.1.x and 6.0.x, may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database.

References (1)

Vendor Advisory (x_refsource_confirm)
https://fortiguard.com/psirt/FG-IR-20-217

Scores

CVSS v3 4.2
EPSS 0.0016
EPSS Percentile 37.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (1)
fortinet/fortiauthenticator 6.0.0 - 6.3.3
Published Feb 02, 2022
Tracked Since Feb 18, 2026