Description
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- fortinet / Fortinet FortiOSFortiOS 6.2.0 and below. – FortiOS 6.2.0 and below.
Exploits & PoCs
- nucleiFortiOS - Insecure LDAP Configuration Detectionby ayewo
References
- VENDOR_ADVISORYhttps://www.fortiguard.com/psirt/FG-IR-19-037