CVE-2021-36166

CWE-330CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.5%
top 33.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortimailFortinet Fortinet Fortimail
Timeline
PublishedMar 1
Latest updateMar 2

Description

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortimail6.0.06.0.12+4
CVEListV5fortinet/fortinet_fortimailFortiMail before 7.0.1

🔴Vulnerability Details

2
GHSA
GHSA-6gm4-rphq-fcfx: An improper authentication vulnerability in FortiMail before 72022-03-02
CVEList
CVE-2021-36166: An improper authentication vulnerability in FortiMail before 72022-03-01

📋Vendor Advisories

1
Fortinet
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one...2022-03-01
CVE-2021-36166 (CRITICAL CVSS 9.8) | An improper authentication vulnerab | cvebase.io