Fortinet FortiAuthenticator vulnerabilities

3 known vulnerabilities affecting fortinet/fortinet_fortiauthenticator.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2021-26116 | HIGH | CVSS 8.8 | FortiAuthenticator before 6.3.1 | 2022-04-06
CVE-2021-26116 [MEDIUM] CWE-78: An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
Sources: cvelistv5, nvd

CVE-2021-43068 | HIGH | CVSS 8.1 | FortiAuthenticator 6.4.0 | 2021-12-09
CVE-2021-43068 [MEDIUM] CWE-287: An improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows a user to bypass the second factor of authentication via a RADIUS login portal.
Sources: cvelistv5, nvd

CVE-2021-43067 | MEDIUM | CVSS 6.5 | FortiAuthenticator 6.4.0, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1 | 2021-12-08
CVE-2021-43067 [HIGH] CWE-200: An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows an attacker to duplicate a target LDAP user's 2-factor authentication token via crafted HTTP requests.
Sources: cvelistv5, nvd