First published: Wed May 04 2022(Updated: )
An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiIsolator | >=2.3.0<2.3.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-41020.
The severity of CVE-2021-41020 is high, with a severity value of 8.8.
FortiIsolator versions 2.3.2 and below are affected by CVE-2021-41020.
The vulnerability CVE-2021-41020 manifests as an improper access control vulnerability, allowing an authenticated, non-privileged attacker to regenerate the CA certificate via the regeneration URL.
To mitigate the vulnerability CVE-2021-41020, users should update to FortiIsolator version 2.3.3 or later.