CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-41019

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.5%

CVSS Severity

CVSS v3 Score 3.5

CVSS v2 Score 4.3

References

https://fortiguard.com/advisory/FG-IR-21-074
https://fortiguard.com/advisory/FG-IR-21-074

Products affected by CVE-2021-41019

Fortinet » Fortios » Version: 6.4.0

cpe:2.3:o:fortinet:fortios:6.4.0
Fortinet » Fortios » Version: 6.4.1

cpe:2.3:o:fortinet:fortios:6.4.1
Fortinet » Fortios » Version: 6.4.2

cpe:2.3:o:fortinet:fortios:6.4.2
Fortinet » Fortios » Version: 6.4.3

cpe:2.3:o:fortinet:fortios:6.4.3
Fortinet » Fortios » Version: 6.4.4

cpe:2.3:o:fortinet:fortios:6.4.4
Fortinet » Fortios » Version: 6.4.5

cpe:2.3:o:fortinet:fortios:6.4.5
Fortinet » Fortios » Version: 6.4.6

cpe:2.3:o:fortinet:fortios:6.4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41019

Products

Pricing

Contact Us