Description
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 6.4.0 (inclusive) to 6.4.5 (exclusive)
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
EPSS
Percentile: 43%
0.00207
Low
6.5 Medium
CVSS3
7.3 High
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-295
Related vulnerabilities
github
more than 3 years ago
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
EPSS
Percentile: 43%
0.00207
Low
6.5 Medium
CVSS3
7.3 High
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-295