History: Jul 06, 2021 - 10:56 a.m.

CVE-2021-24005

2021-07-06 10:56:12
fortinet
www.cve.org
5
fortiauthenticator
cryptographic keys
configuration files
debug logs
cve-2021-24005
sensitive data

CVSS3: 4

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 7.7
Confidence: High

EPSS: 0.002
Percentile: 53.8%

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.

CNA Affected

[
  {
    "product": "FortiAuthenticator",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiAuthenticator versions before 6.3.0."
      }
    ]
  }
]
