CVE-2021-41019 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2021-41019?

CVE-2021-41019 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-41019?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios.

Vulnerability Description

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.

CVSS Score

3.5

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Fortinet	Fortios	>= 6.4.0, <= 6.4.6

Related Weaknesses (CWE)

CWE-295

References

https://fortiguard.com/advisory/FG-IR-21-074Vendor Advisory
https://fortiguard.com/advisory/FG-IR-21-074Vendor Advisory

FAQ

What is CVE-2021-41019?

CVE-2021-41019 is a vulnerability with a CVSS score of 3.5 (LOW). An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to ...

How severe is CVE-2021-41019?

CVE-2021-41019 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-41019?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios.