PT-2021-6858 · Fortinet · Fortios
Published 2021-09-13 · Updated 2021-11-04 · CVE-2021-41019
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiOS versions 6.4.6 and below
Description
The issue is an improper certificate validation (host mismatch): the certificate presented by an LDAP server is not checked against the configured server name, which may allow a connection to a malicious LDAP server via the LDAP server options in the GUI. This could lead to the disclosure of sensitive information, such as AD credentials. The root cause is insufficient verification of the certificate's CN/SAN against the expected hostname, potentially allowing a remote attacker to gain unauthorized access to protected information.
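To make the weakness class concrete, the following is an added example (not FortiOS code and not taken from this advisory) showing what a correct CN/SAN hostname check looks like for an LDAPS peer certificate, alongside the weak TLS-context configuration that skips it. The certificate dicts use the layout returned by Python's `ssl.SSLSocket.getpeercert()`; the names `ldap.corp.example`, `*.dc.corp.example` and the helper names are constructed for the example.

```python
"""Hostname (CN/SAN) verification for an LDAPS peer certificate.

Added illustration of the "improper certificate validation / host mismatch"
weakness: a client that validates the chain but never matches the certificate
to the configured server name will happily talk to any server holding a
CA-signed certificate for some other host.
"""
import ssl

# Constructed sample certificates in ssl.getpeercert() form (not real certs).
CERT_WITH_SAN = {
    "subject": ((("commonName", "ldap.corp.example"),),),
    "subjectAltName": (("DNS", "ldap.corp.example"), ("DNS", "*.dc.corp.example")),
}
CERT_CN_ONLY = {  # legacy certificate carrying only a CN, no SAN extension
    "subject": ((("commonName", "ldap.corp.example"),),),
}


def _dns_match(pattern: str, hostname: str) -> bool:
    """Match one dNSName/CN pattern against a hostname (RFC 6125-style rules)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    # Only a single wildcard covering the whole leftmost label is accepted,
    # and it must leave at least two fixed labels (no "*.com").
    if not pattern.startswith("*.") or "*" in pattern[1:] or pattern.count(".") < 2:
        return False
    head, sep, tail = hostname.partition(".")
    return bool(sep) and head != "" and "." + tail == pattern[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if the certificate is issued for `hostname` (SAN first, CN fallback)."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        # When any dNSName SAN is present, the CN must be ignored entirely.
        return any(_dns_match(p, hostname) for p in sans)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_match(value, hostname)
    return False


def ldaps_context(verify_hostname: bool = True) -> ssl.SSLContext:
    """Build a client TLS context for LDAPS.

    verify_hostname=False reproduces the weak pattern behind this CWE class:
    the chain is still validated, but the peer name is never checked, so a
    certificate for any host signed by a trusted CA is accepted.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    if not verify_hostname:
        ctx.check_hostname = False  # the misconfiguration to look for in reviews
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Configuration check: chain validation AND hostname matching both enabled."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    print("ldap.corp.example matches SAN cert:", hostname_matches(CERT_WITH_SAN, "ldap.corp.example"))
    print("attacker.example matches SAN cert:", hostname_matches(CERT_WITH_SAN, "attacker.example"))
    print("default context safe:", context_is_safe(ldaps_context()))
    print("hostname check disabled safe:", context_is_safe(ldaps_context(verify_hostname=False)))
```

The `context_is_safe` check is the kind of assertion worth wiring into a configuration test or code review checklist for any component that authenticates to a directory over TLS: if `check_hostname` is off, a rogue LDAP server with any valid certificate can capture the bind credentials, which is exactly the impact this advisory describes.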
Recommendations
For FortiOS versions 6.4.6 and below, update to a version above 6.4.6 to resolve the issue.
As a temporary workaround, consider restricting access to the LDAP server options in the GUI to minimize the risk of exploitation.
Fix
Improper Certificate Validation
Related Identifiers
Affected Products
Fortios