CVE-2021-43068

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.1HIGH

EPSS

0.2%

top 55.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortinet Fortiauthenticator Fortinet Fortiauthenticator

Timeline

PublishedDec 9

Latest updateDec 10

Description

A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDfortinet/fortiauthenticator6.4.0

▶CVEListV5fortinet/fortinet_fortiauthenticatorFortiAuthenticator 6.4.0

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

GHSA

GHSA-7c78-24gm-9rqf: A improper authentication in Fortinet FortiAuthenticator version 6↗2021-12-10

▶

CVEList

CVE-2021-43068: A improper authentication in Fortinet FortiAuthenticator version 6↗2021-12-09

▶

📋Vendor Advisories

Fortinet

A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authen...↗2021-12-09

▶