Improper Access Control Vulnerability in FortiIsolator 2.3.2 and Below Allows Unauthorized CA Certificate Regeneration


CVE-2021-41020 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non-privileged attacker to regenerate the CA certificate via the regeneration URL.
