ID

VAR-202112-0286


CVE

CVE-2021-43067


TITLE

Information leakage vulnerability in Fortinet FortiAuthenticator

Trust: 0.8

sources: JVNDB: JVNDB-2021-015998

DESCRIPTION

An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows an attacker to duplicate a target LDAP user's 2-factor authentication token via crafted HTTP requests. Fortinet FortiAuthenticator contains a vulnerability related to information leakage. Information may be obtained.

Trust: 1.71

sources: NVD: CVE-2021-43067 // JVNDB: JVNDB-2021-015998 // VULHUB: VHN-404117

AFFECTED PRODUCTS

vendor: fortinet, model: fortiauthenticator, scope: eq, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: eq, version: 6.1.0

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: eq, version: 6.3.1

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: eq, version: 6.1.2

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: eq, version: 6.3.0

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: gte, version: 6.0.1

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: lte, version: 6.0.7

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: eq, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: eq, version: 6.1.1

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: eq, version: 6.2.1

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: eq, version: 6.3.2

Trust: 1.0

vendor: フォーティネット, model: fortiauthenticator, scope: lte, version: 6.1.2 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortiauthenticator, scope: eq, version: 6.4.0

Trust: 0.8

vendor: フォーティネット, model: fortiauthenticator, scope: lte, version: 6.3.2 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortiauthenticator, scope: eq, version: 6.0.1 to 6.0.7

Trust: 0.8

vendor: フォーティネット, model: fortiauthenticator, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiauthenticator, scope: lte, version: 6.2.1 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-015998 // NVD: CVE-2021-43067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43067
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-43067
value: HIGH

Trust: 1.0

NVD: CVE-2021-43067
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202112-637
value: MEDIUM

Trust: 0.6

VULHUB: VHN-404117
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-43067
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-404117
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43067
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-43067
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-43067
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-404117 // JVNDB: JVNDB-2021-015998 // CNNVD: CNNVD-202112-637 // NVD: CVE-2021-43067 // NVD: CVE-2021-43067

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:information leak (CWE-200) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-404117 // JVNDB: JVNDB-2021-015998 // NVD: CVE-2021-43067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-637

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202112-637

PATCH

title: top page, url: https://www.fortinet.com/jp

Trust: 0.8

title: Fortinet FortiAuthenticator Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174004

Trust: 0.6

sources: JVNDB: JVNDB-2021-015998 // CNNVD: CNNVD-202112-637

EXTERNAL IDS

db: NVD, id: CVE-2021-43067

Trust: 3.3

db: JVNDB, id: JVNDB-2021-015998

Trust: 0.8

db: CNNVD, id: CNNVD-202112-637

Trust: 0.6

db: VULHUB, id: VHN-404117

Trust: 0.1

sources: VULHUB: VHN-404117 // JVNDB: JVNDB-2021-015998 // CNNVD: CNNVD-202112-637 // NVD: CVE-2021-43067

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-211

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-43067

Trust: 1.4

sources: VULHUB: VHN-404117 // JVNDB: JVNDB-2021-015998 // CNNVD: CNNVD-202112-637 // NVD: CVE-2021-43067

SOURCES

db: VULHUB, id: VHN-404117
db: JVNDB, id: JVNDB-2021-015998
db: CNNVD, id: CNNVD-202112-637
db: NVD, id: CVE-2021-43067

LAST UPDATE DATE

2024-08-14T15:37:50.504000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-404117, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-015998, date: 2022-12-05T05:50:00
db: CNNVD, id: CNNVD-202112-637, date: 2021-12-13T00:00:00
db: NVD, id: CVE-2021-43067, date: 2021-12-09T14:41:09.607

SOURCES RELEASE DATE

db: VULHUB, id: VHN-404117, date: 2021-12-08T00:00:00
db: JVNDB, id: JVNDB-2021-015998, date: 2022-12-05T00:00:00
db: CNNVD, id: CNNVD-202112-637, date: 2021-12-08T00:00:00
db: NVD, id: CVE-2021-43067, date: 2021-12-08T12:15:07.933