CVE-2021-24012Improper Certificate Validation in Fortinet Fortios

CWE-295Improper Certificate Validation4 documents4 sources
Severity
7.3HIGHNVD
CNA6.5
EPSS
0.2%
top 56.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiosFortinet Fortios
Timeline
PublishedJun 2
Latest updateMay 24

Description

An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

NVDfortinet/fortios6.4.06.4.5
CVEListV5fortinet/fortinet_fortiosFortiOS 6.4.0 to 6.4.4

🔴Vulnerability Details

2
GHSA
GHSA-2fg7-gvqp-mhcc: An improper following of a certificate's chain of trust vulnerability in FortiGate versions 62022-05-24
CVEList
CVE-2021-24012: An improper following of a certificate's chain of trust vulnerability in FortiGate versions 62021-06-02

📋Vendor Advisories

1
Fortinet
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an...2021-06-02
CVE-2021-24012 — Improper Certificate Validation | cvebase