Description
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
EPSS
3.5 Low
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Weaknesses
Related vulnerabilities
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
A vulnerability in the FortiOS operating system caused by insufficient verification of the authenticity of the certificate CN/SAN, allowing an attacker to gain unauthorized access to protected information