CVE-2021-43067

CWE-200Information Exposure4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 39.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiauthenticatorFortinet Fortinet Fortiauthenticator
Timeline
PublishedDec 8
Latest updateDec 9

Description

A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:LExploitability: 1.7 | Impact: 6.0

Affected Packages2 packages

NVDfortinet/fortiauthenticator6.0.16.0.7+9
CVEListV5fortinet/fortinet_fortiauthenticatorFortiAuthenticator 6.4.0, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1

🔴Vulnerability Details

2
GHSA
GHSA-pxph-w77w-wjcr: A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 62021-12-09
CVEList
CVE-2021-43067: A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 62021-12-08

📋Vendor Advisories

1
Fortinet
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2...2021-12-08
CVE-2021-43067 (MEDIUM CVSS 6.5) | A exposure of sensitive information | cvebase.io