← back
CVE-2021-43067

CVE-2021-43067

CVSS 8.3 HIGHEPSS 1.1%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.3EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Dec 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L/E:P/RL:X/RC:X
Affected products
Fortinet · Fortinet FortiAuthenticator

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/advisory/FG-IR-21-211