Details of VAR-202202-1077

ID

VAR-202202-1077

CVE

CVE-2021-36177

TITLE

FortiAuthenticator Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004780

DESCRIPTION

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database. FortiAuthenticator Exists in unspecified vulnerabilities.Information may be obtained. Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet

Trust: 1.71

sources: NVD: CVE-2021-36177 // JVNDB: JVNDB-2022-004780 // VULHUB: VHN-398095

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiauthenticator	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator	scope:	lt	version:	6.3.3	Trust: 1.0
vendor:	フォーティネット	model:	fortiauthenticator	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiauthenticator	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-004780 // NVD: CVE-2021-36177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36177
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-36177
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-36177
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-125
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-398095
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-36177
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398095
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36177
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-36177
baseSeverity:	MEDIUM
baseScore:	4.2
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36177
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398095 // JVNDB: JVNDB-2022-004780 // CNNVD: CNNVD-202202-125 // NVD: CVE-2021-36177 // NVD: CVE-2021-36177

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-004780 // NVD: CVE-2021-36177

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202202-125

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-125

PATCH

title:	FG-IR-20-217	url:	https://www.fortiguard.com/psirt/FG-IR-20-217	Trust: 0.8
title:	Fortinet FortiAuthenticator Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180219	Trust: 0.6

sources: JVNDB: JVNDB-2022-004780 // CNNVD: CNNVD-202202-125

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36177	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-004780	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-125	Trust: 0.7
db:	CNVD	id:	CNVD-2022-19070	Trust: 0.1
db:	VULHUB	id:	VHN-398095	Trust: 0.1

sources: VULHUB: VHN-398095 // JVNDB: JVNDB-2022-004780 // CNNVD: CNNVD-202202-125 // NVD: CVE-2021-36177

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-20-217	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36177	Trust: 1.4

sources: VULHUB: VHN-398095 // JVNDB: JVNDB-2022-004780 // CNNVD: CNNVD-202202-125 // NVD: CVE-2021-36177

SOURCES

db:	VULHUB	id:	VHN-398095
db:	JVNDB	id:	JVNDB-2022-004780
db:	CNNVD	id:	CNNVD-202202-125
db:	NVD	id:	CVE-2021-36177

LAST UPDATE DATE

2024-08-14T14:24:58.646000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398095	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-004780	date:	2023-05-01T08:40:00
db:	CNNVD	id:	CNNVD-202202-125	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-36177	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398095	date:	2022-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-004780	date:	2023-05-01T00:00:00
db:	CNNVD	id:	CNNVD-202202-125	date:	2022-02-02T00:00:00
db:	NVD	id:	CVE-2021-36177	date:	2022-02-02T11:15:07.637