Description
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 6.0.0 (inclusive) up to 6.3.3 (exclusive)
cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*
EPSS
Percentile: 38%
0.00165
Low
CVSS3: 4.2 Medium
CVSS3: 4.3 Medium
CVSS2: 3.3 Low
Weaknesses
NVD-CWE-Other
Related vulnerabilities
CVSS3: 4.3
github
almost 4 years ago
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.