← back
CVE-2021-24005

CVE-2021-24005

CVSS 4 MEDIUMEPSS 0.6%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 Jul 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Fortinet · FortiAuthenticator

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/psirt/FG-IR-20-049