CVE-2021-41019: Improper Certificate Validation in Fortinet FortiOS

Severity: 6.5 MEDIUM (NVD); CNA score 3.5
EPSS: 0.2% (top 52.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 2; Latest update May 24

Description

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: fortinet/fortios, versions 6.4.0 to 6.4.6
CVEList V5: fortinet/fortinet_fortios, FortiOS 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1

Vulnerability Details (2 entries)

GHSA: GHSA-hj73-5q9f-3jj4 (2022-05-24): An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6
CVEList: CVE-2021-41019 (2021-11-02): An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6

Vendor Advisories (1 entry)

Fortinet (2021-11-02): An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may...