CVE-2021-36166

Critical

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative…

fortinet·CWE-330·Published 2022-03-01

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

225 chars

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.

NVDen

225 chars

NVDes

267 chars

Una vulnerabilidad de autenticación inapropiada en FortiMail versiones anteriores a 7.0.1, puede permitir a un atacante remoto adivinar eficazmente el token de autenticación de una cuenta administrativa mediante la observación de determinadas propiedades del sistema.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C