Lucene search
FortinetCVELIST:CVE-2021-24012HistoryJun 02, 2021 - 12:42 p.m.
CVE-2021-24012
2021-06-0212:42:19
fortinet
www.cve.org
6
vulnerability
fortigate
sslvpn
ldap
certificate authority
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
39.5%
An improper following of a certificate’s chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
CNA Affected
[
{
"product": "Fortinet FortiOS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiOS 6.4.0 to 6.4.4"
}
]
}
]References
Related
fortinet
fortinet
Protect
2021-06-01 00:00:00
cve
cve
CVE-2021-24012
2021-06-02 13:15:12
prion
prion
Input validation
2021-06-02 13:15:00
nvd
nvd
CVE-2021-24012
2021-06-02 13:15:12
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
39.5%
Related for CVELIST:CVE-2021-24012