cvedb.io
CVE-2021-36177
MEDIUM · CVSS 4.2
EPSS exploitation probability: 0%
Published 2022-02-02T11:15:07.637 · Last modified 2026-06-17T03:58:28.197

Summary

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database.

Affected products

fortinet — fortiauthenticator

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.