Commit CVE-2021-24005

2025-07-29 05:56:59 +00:00 · 2021-06-10 10:57:33 +02:00 · 2021-06-10 10:57:33 +02:00 · 170d31e4c2
commit 170d31e4c2
parent 9a993500a1
1 changed files with 63 additions and 3 deletions
--- a/2021/24xxx/CVE-2021-24005.json
+++ b/2021/24xxx/CVE-2021-24005.json
@ -4,14 +4,74 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2021-24005",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psirt@fortinet.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Fortinet",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "FortiAuthenticator",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "FortiAuthenticator versions before 6.3.0."
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "Low",
+            "attackVector": "Local",
+            "availabilityImpact": "None",
+            "baseScore": 3.9,
+            "baseSeverity": "Low",
+            "confidentialityImpact": "Low",
+            "integrityImpact": "None",
+            "privilegesRequired": "None",
+            "scope": "Unchanged",
+            "userInteraction": "None",
+            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Information disclosure"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/psirt/FG-IR-20-049",
+                "url": "https://fortiguard.com/psirt/FG-IR-20-049"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key."
            }
        ]
    }