Fortinet Fortigate Missing certificate CN/SAN validation leads to information disclosure (FG-IR-21-074)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-074 advisory. - An improper validation of certificate with host mismatch CWE-297 vulnerability in FortiOS versions 6.4.6 and below may allo...

CVE-2021-41019

creationtimestamp| type| source ---|---|--- 2021-11-02 21:23:20+00:00| seen| https://t.me/cibsecurity/31630...

CVE-2021-41019

An improper validation of certificate with host mismatch CWE-297 vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials...

CVE-2021-41019

CVE-2021-41019 : FortiOS versions 6.4.6 and earlier are affected by an improper validation of certificates with host mismatch (CWE-297). This can allow a connection to a malicious LDAP server via GUI options, leading to disclosure of sensitive information such as AD credentials. The vulnerability...

CVE-2021-41019

An improper validation of certificate with host mismatch CWE-297 vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials...