CVE-2021-41020

Summary

An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiIsolatorFortiIsolator 2.3.2, 2.3.1, 2.3.0affected

Weaknesses

  • Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References