Vulnerability Details CVE-2021-43067
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 61.6%
CVSS Severity
CVSS v3 Score 8.3
CVSS v2 Score 4.3
Products affected by CVE-2021-43067
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.1
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.2
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.3
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.4
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.5
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.6
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.7
-
cpe:2.3:a:fortinet:fortiauthenticator:6.1.0
-
cpe:2.3:a:fortinet:fortiauthenticator:6.1.1
-
cpe:2.3:a:fortinet:fortiauthenticator:6.1.2
-
cpe:2.3:a:fortinet:fortiauthenticator:6.2.0
-
cpe:2.3:a:fortinet:fortiauthenticator:6.2.1
-
cpe:2.3:a:fortinet:fortiauthenticator:6.3.0
-
cpe:2.3:a:fortinet:fortiauthenticator:6.3.1
-
cpe:2.3:a:fortinet:fortiauthenticator:6.3.2
-
cpe:2.3:a:fortinet:fortiauthenticator:6.4.0