PT-2022-10488 · Fortinet · FortiAuthenticator HA Service

Published: 2022-02-02 · Updated: 2022-07-12 · CVE-2021-36177

CVSS v3.1: 4.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiAuthenticator HA service versions 6.3.2 and below
FortiAuthenticator HA service versions 6.2.x
FortiAuthenticator HA service versions 6.1.x
FortiAuthenticator HA service versions 6.0.x

Description

An improper access control issue may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database. This could potentially be exploited by an attacker to access sensitive data without proper authorization.

Recommendations

For FortiAuthenticator HA service versions 6.3.2 and below, consider restricting access to the HA management interface to minimize the risk of exploitation.
For FortiAuthenticator HA service versions 6.2.x, restrict access to the HA management interface until a patch is available.
For FortiAuthenticator HA service versions 6.1.x, limit access to the FAC's database to prevent unauthenticated connections.
For FortiAuthenticator HA service versions 6.0.x, apply configuration changes to enforce proper access control on the HA management interface.


Related Identifiers

CVE-2021-36177

Affected Products

FortiAuthenticator HA Service