Improper Access Control Vulnerability in FortiAuthenticator HA Service 6.3.2 and Below

Improper Access Control Vulnerability in FortiAuthenticator HA Service 6.3.2 and Below

CVE-2021-36177 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.

Learn more about our Web Application Penetration Testing UK.