ID

VAR-202202-1077


CVE

CVE-2021-36177


TITLE

Vulnerability in FortiAuthenticator

Trust: 0.8

sources: JVNDB: JVNDB-2022-004780

DESCRIPTION

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database. An unspecified vulnerability exists in FortiAuthenticator. Information may be obtained. Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet.

Trust: 1.71

sources: NVD: CVE-2021-36177 // JVNDB: JVNDB-2022-004780 // VULHUB: VHN-398095

AFFECTED PRODUCTS

vendor: fortinet, model: fortiauthenticator, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiauthenticator, scope: lt, version: 6.3.3

Trust: 1.0

vendor: フォーティネット, model: fortiauthenticator, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiauthenticator, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004780 // NVD: CVE-2021-36177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36177
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-36177
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-36177
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202202-125
value: MEDIUM

Trust: 0.6

VULHUB: VHN-398095
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-36177
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398095
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36177
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-36177
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-36177
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398095 // JVNDB: JVNDB-2022-004780 // CNNVD: CNNVD-202202-125 // NVD: CVE-2021-36177 // NVD: CVE-2021-36177

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004780 // NVD: CVE-2021-36177

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202202-125

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-125

PATCH

title: FG-IR-20-217, url: https://www.fortiguard.com/psirt/FG-IR-20-217

Trust: 0.8

title: Fortinet FortiAuthenticator Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180219

Trust: 0.6

sources: JVNDB: JVNDB-2022-004780 // CNNVD: CNNVD-202202-125

EXTERNAL IDS

db: NVD, id: CVE-2021-36177

Trust: 3.3

db: JVNDB, id: JVNDB-2022-004780

Trust: 0.8

db: CNNVD, id: CNNVD-202202-125

Trust: 0.7

db: CNVD, id: CNVD-2022-19070

Trust: 0.1

db: VULHUB, id: VHN-398095

Trust: 0.1

sources: VULHUB: VHN-398095 // JVNDB: JVNDB-2022-004780 // CNNVD: CNNVD-202202-125 // NVD: CVE-2021-36177

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-20-217

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-36177

Trust: 1.4

sources: VULHUB: VHN-398095 // JVNDB: JVNDB-2022-004780 // CNNVD: CNNVD-202202-125 // NVD: CVE-2021-36177

SOURCES

db: VULHUB, id: VHN-398095
db: JVNDB, id: JVNDB-2022-004780
db: CNNVD, id: CNNVD-202202-125
db: NVD, id: CVE-2021-36177

LAST UPDATE DATE

2024-08-14T14:24:58.646000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398095, date: 2022-07-12T00:00:00
db: JVNDB, id: JVNDB-2022-004780, date: 2023-05-01T08:40:00
db: CNNVD, id: CNNVD-202202-125, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2021-36177, date: 2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398095, date: 2022-02-02T00:00:00
db: JVNDB, id: JVNDB-2022-004780, date: 2023-05-01T00:00:00
db: CNNVD, id: CNNVD-202202-125, date: 2022-02-02T00:00:00
db: NVD, id: CVE-2021-36177, date: 2022-02-02T11:15:07.637