Vulnerability in Fortinet Fortiauthenticator
CVE-2021-24005
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via kno…
EPSS: 0.001 (31.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Fortinet Fortiauthenticator — versions FortiAuthenticator versions before 6.3.0.
References
- fortiguard.com/psirt/FG-IR-20-049 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2021-24005?
- CVE-2021-24005 is a medium-severity vulnerability in Fortinet Fortiauthenticator. CVSS score: 4.0/10. Published 2021-07-06.
- How severe is CVE-2021-24005?
- Medium severity. CVSS v3 base score is 4.0 out of 10.